Comments (4)
After further investigation seems like exchnageCodeForSession throws error and crashes the program. I believe this is a bug because we are already receiving error in { data, error }
We can also see that the request fires TWICE, meaning that the supabase redirects TWICE. We believe the second redirect crashes the program. First is validated & works. Second with exactly the same code crashes, because the code is already used.
from gotrue.
I might have found a lead/related bug - if scopes
includes "https://www.googleapis.com/auth/youtube.readonly"
so you pick a YouTube account after picking Google one and you have only one YouTube account for given gmail, you get to see the pick screen but are getting redirected automatically after a moment - if you explicitly pick and click the account in the meantime, the riderctTo
url will be hit twice! If there is more YT account on your gmail, automatic redirect does not happen and you can pick whatever account you want and everything will be fine
Now the specifics depends - sometimes you will get the same code
twice, sometimes the 2nd code is null
but in both cases You get the 422
error in return and are not logged in! The 30% of the times
failure depends on I guess the timing you explicitly hit the YouTube account and how Google Auth/Supa (dunno) handles it - if you just wait I get positive login 100% of times.
The issue is I don't see the way to prevent this automatic account picking by Google or skipping this screen entirely if there is only one YT account associated to the Google one. One way is to give the consent
every time, because AFAIK this screen does not automatically redirect, so you won't get 2 redirectTo
hits. But the login UX is obnoxious to say the least.
Anyway it seems like the Google Auth issue at the core, but I believe given the Supabase is wrapping the entire process with this specific 422
code error returning, maybe there is some workaround that could be implemented directly in Supa for these "double redirects". WDYT?
from gotrue.
@Forsect is right, this happens a lot!
But I also noticed that sometimes the code is not accepted anyway, even if it's the first time. For no particular reason.
from gotrue.
The issue with my application:
I was redirecting to a webpage with Notion oauth params (/my/app/route?code=[VALUE]&state=value
) that supabase erroneously thought had to do with the supabase session.
from gotrue.
Related Issues (20)
- Supabase Auth latest gotrue migration impossible to resync using Prisma migrate HOT 3
- AuthException(message: FormatException: Unexpected end of input (at character 1) HOT 3
- Anonymous account does not have permission on schema "public" despite having valid JWT with "authenticated" role HOT 2
- Supabase should be sending X-Supabase-API-Version in Access-Control-Allow-Headers HTTP header
- REST API documentation consistency improvements HOT 3
- Raising an exception on postgress via triggers doesn't send the message to the API response HOT 1
- raw_app_meta_data not updated when setting password for 3rd-party authenticated users
- Prevent MFA factor hijacking HOT 3
- With email verification disabled in my project, email verification is still required in order to promote an anonymous user HOT 5
- Email Verification Not Reflected in Identities Table (and JWT)
- docker image version of `supabase/auth` not updated HOT 1
- Invalid JWT if user signIn back via OTP after deleting his account HOT 7
- Auth fails to update user phone number under common conditions
- "Invalid Login Credientals" AuthApiError should have an error code HOT 4
- [mobile] Auth currentSession is null and client cannot recover from this state. HOT 1
- linkIdentity() does not work with React Native HOT 5
- JWT aud claim suddenly an array instead of string HOT 1
- inviteUserByEmail failing on certain instances on the Supabase platform HOT 2
- signInWithPassword does not return an error code when the login credentials are invalid HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gotrue.