diff --git a/apps/web/app/auth/verify/page.tsx b/apps/web/app/auth/verify/page.tsx
index 8d275bf05..aa128c91b 100644
--- a/apps/web/app/auth/verify/page.tsx
+++ b/apps/web/app/auth/verify/page.tsx
@@ -25,11 +25,9 @@ export const generateMetadata = async () => {
 async function VerifyPage(props: Props) {
   const client = getSupabaseServerClient();
 
-  const {
-    data: { user },
-  } = await client.auth.getUser();
+  const { data } = await client.auth.getClaims();
 
-  if (!user) {
+  if (!data?.claims) {
     redirect(pathsConfig.auth.signIn);
   }
 
@@ -44,7 +42,7 @@ async function VerifyPage(props: Props) {
 
   return (
     <MultiFactorChallengeContainer
-      userId={user.id}
+      userId={data.claims.sub}
       paths={{
         redirectPath,
       }}
diff --git a/apps/web/middleware.ts b/apps/web/middleware.ts
index 0101fed74..4762c71a2 100644
--- a/apps/web/middleware.ts
+++ b/apps/web/middleware.ts
@@ -20,7 +20,7 @@ export const config = {
 const getUser = (request: NextRequest, response: NextResponse) => {
   const supabase = createMiddlewareClient(request, response);
 
-  return supabase.auth.getUser();
+  return supabase.auth.getClaims();
 };
 
 export async function middleware(request: NextRequest) {
@@ -104,14 +104,11 @@ async function adminMiddleware(request: NextRequest, response: NextResponse) {
     return;
   }
 
-  const {
-    data: { user },
-    error,
-  } = await getUser(request, response);
+  const { data, error } = await getUser(request, response);
 
   // If user is not logged in, redirect to sign in page.
   // This should never happen, but just in case.
-  if (!user || error) {
+  if (!data?.claims || error) {
     return NextResponse.redirect(
       new URL(pathsConfig.auth.signIn, request.nextUrl.origin).href,
     );
@@ -141,12 +138,10 @@ function getPatterns() {
     {
       pattern: new URLPattern({ pathname: '/auth/*?' }),
       handler: async (req: NextRequest, res: NextResponse) => {
-        const {
-          data: { user },
-        } = await getUser(req, res);
+        const { data } = await getUser(req, res);
 
         // the user is logged out, so we don't need to do anything
-        if (!user) {
+        if (!data?.claims) {
           return;
         }
 
@@ -168,15 +163,13 @@ function getPatterns() {
     {
       pattern: new URLPattern({ pathname: '/home/*?' }),
       handler: async (req: NextRequest, res: NextResponse) => {
-        const {
-          data: { user },
-        } = await getUser(req, res);
+        const { data } = await getUser(req, res);
 
         const origin = req.nextUrl.origin;
         const next = req.nextUrl.pathname;
 
         // If user is not logged in, redirect to sign in page.
-        if (!user) {
+        if (!data?.claims) {
           const signIn = pathsConfig.auth.signIn;
           const redirectPath = `${signIn}?next=${next}`;
 
diff --git a/package.json b/package.json
index e267dd59d..5b47fdb62 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "next-supabase-saas-kit-turbo",
-  "version": "2.12.0",
+  "version": "2.12.1",
   "private": true,
   "sideEffects": false,
   "engines": {