The “SessionProvider is needed for useSession” message shows that some code still imports useSession from next-auth/react.
Instead of hunting every last import, we can safely “stub-out” NextAuth with a tiny shim that:
• Re-implements useSession, signIn, signOut, and SessionProvider on top of our existing useAuth hook.
• Eliminates the runtime check that throws when <SessionProvider> is missing.
This way the remaining imports keep working, while our app stays 100 % Supabase-only—no NextAuth API routes, no fetch errors, no extra provider.
We already replaced useSession() with a shim (lib/next-auth-shim.tsx) that does NOT require <SessionProvider>.
The recurring error means the build is still resolving imports from the real next-auth/react package, not our shim.
Next.js only honours TS “paths” when the mapping is extension-less and points to an existing file – otherwise it falls back to node-modules.
Fix = point the alias directly at our shim (no extension) and cover both
"next-auth/react" and plain "next-auth".
Nothing else changes – the shim is already in lib/next-auth-shim.tsx.
Now every import … from "next-auth/react" (or "next-auth") resolves to the shim, so:
• useSession() no longer throws the “add SessionProvider” error.
• No NextAuth network calls are made.
• Supabase auth continues to work via useAuth() underneath.