Comments (16)
Thanks @awalias for clarification. After modifying slack clone example to use a single Supabase client, everything works properly.
from supabase-js.
The only thing I could think is that the token is expired when you try to log out. A couple of questions:
- Is the browser left open, and then you try to log out after >3 hours?
- There is a `logout` network call about 10 requests above the erroneous network call. Did you hit the button twice? Perhaps you're logged out already and the redirect to the home screen failed for some reason
from supabase-js.
> Is the browser left open, and then you try to log out after >3 hours?

I'm able to reproduce this multiple times within a time window of less than 1h

> There is a logout network call about 10 requests above the erroneous network call. Did you hit the button twice? Perhaps you're logged out already and the redirect to the home screen failed for some reason

Yes, there are times where the logout call is successful. You can see in the network comms though that after the logout there is a login (`token?grant_types=password`, right?). So don't think it's that.
from supabase-js.
@thorwebdev are you just using the OG slack clone example here?
from supabase-js.
@awalias yes, I'm able to observe this also on the official https://supabase-slack-clone.vercel.app/
from supabase-js.
could be some race-condition here? https://github.com/supabase/supabase/blob/1e49eaeb7e0540c9cc1e4dad627e779a33b0500f/examples/slack-clone/pages/_app.js#L43
from supabase-js.
issue is when a user instantiates two or more supabase clients - fix is to always check localStorage before adding this.accessToken as an auth bearer token to see if there is one on the browser
from supabase-js.
It's gotrue logout api bug. The cookie is cleared before calling `getUserFromClaims`.
from supabase-js.
On slack-clone app, after an `Invalid user` error fires, I can login and logout successfully!!! No idea why the logout can go through the `getUserFromClaims` check.
However the next login/logout will trigger the `Invalid user` error again.
from supabase-js.
Oh we didn't update this issue after meeting @thorwebdev last week about this.
The issue here is that Slack-clone app uses two different supabase client instances, and supabase-js only reads from local storage on initiation, and manages its own state of which user is logged in after that point - so multiple clients can easily get out of sync on current user state
Our options here are:
- supabase-js should check local storage before each call to see if there has been a change in user auth by a different client instance. This may be expensive
- we direct people to only init a single supabase client if they're using auth
- we make createClient return a singleton
any other?
from supabase-js.
@awalias what you describe seems to be another issue related to front-end.
The original error reported by @thorwebdev is from gotrue logout api. It can be reproduced easily.
- start your test supabase project, run `slack clone` quick start to create required tables
- pull slack clone app, update env with your test project keys and run it
- login and logout multiple times slack-clone client (with the same acc and client) you can see the error
I already check `logout` api on gotrue. The last commit on `logout.go` breaks the check mechanism.
Before
it works properly, because the claim is retrieved before clearing token
https://github.com/netlify/gotrue/blob/47cc9ce137a24c96985ee3e742b0f0adfb6f146c/api/logout.go
After
https://github.com/netlify/gotrue/blob/8304885327eb93a7346f4b27658f470499c39107/api/logout.go
from supabase-js.
I think the response from gotrue is actually correct in this instance, if you look at the request headers on the slack clone app, you will see that the apikey and auth bearer headers are the same, in this case the jwt being (mistakenly) sent is the `anon` key:
for comparison here is an example of a successful logout, with decoded jwt below:
The bug seems to be that the supabase-js client calling `logout` does not have the current user token, since it was already cleared from the client by the other instance
the "double logout" seems to be coming from here: https://github.com/supabase/supabase/blob/fed822f48c5e441eb867fa756443e362ac47423f/examples/slack-clone/components/Layout.js#L59
from supabase-js.
also as a side note - we actually don't make use of the cookies set by go-true, we manage these ourselves using local storage inside supabase-js
from supabase-js.
Currently, supabase-js persists `accessToken`, `refreshToken` and `currentUser` to localstorage while also keeping them as class params inside supabase.auth. When we have multi supabase clients, these params can be out of sync.
We should use localstorage as the source of truth and not keep them as class params. It's the same as how we get authHeader to supply PostgrestClient. What do you think? @kiwicopple
from supabase-js.
- is it inefficient to fetch from local storage every time?
- what about server-side / node
maybe keep track of them internally but always check local storage first (if it exists?)
from supabase-js.
- right now every time you call a request with postgrest client, it will read localstorage for accessToken to include in the header. It works ok until now. So I think it's efficient enough.
- for server-side, accessToken should be included in the header. To get refreshToken and currentUser we can call gotrue `/user` endpoint with `accessToken`
from supabase-js.
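The desync discussed in this thread, as an added example that is not part of the original discussion and is not supabase-js code: two client instances share one storage, and the instance that caches the token at construction sends the wrong bearer, while the storage-first variant proposed above does not. `MemoryStorage`, the class names, `STORAGE_KEY` and the token strings are all constructed for illustration.

```javascript
// Constructed stand-in for window.localStorage so the example runs in Node.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

const ANON_KEY = 'anon-key-placeholder';    // constructed value
const USER_JWT = 'user-jwt-placeholder';    // constructed value
const STORAGE_KEY = 'example.auth.token';   // hypothetical key name

// Pattern described in the thread: read storage once, then trust in-memory state.
class CachedAuthClient {
  constructor(storage) {
    this.storage = storage;
    this.accessToken = storage.getItem(STORAGE_KEY);
  }
  signIn(token) { this.accessToken = token; this.storage.setItem(STORAGE_KEY, token); }
  signOut() { this.accessToken = null; this.storage.removeItem(STORAGE_KEY); }
  bearer() { return this.accessToken ?? ANON_KEY; }
}

// Proposed alternative: storage is consulted on every call.
class StorageFirstAuthClient extends CachedAuthClient {
  bearer() { return this.storage.getItem(STORAGE_KEY) ?? ANON_KEY; }
}

// Instance A signs in; instance B (created before the login) builds the logout request.
function logoutBearerFromSecondInstance(ClientClass) {
  const storage = new MemoryStorage();
  const a = new ClientClass(storage);
  const b = new ClientClass(storage);
  a.signIn(USER_JWT);
  return b.bearer();
}

// Instance B is created while signed in; instance A then signs out.
function bearerAfterOtherInstanceSignsOut(ClientClass) {
  const storage = new MemoryStorage();
  const a = new ClientClass(storage);
  a.signIn(USER_JWT);
  const b = new ClientClass(storage);
  a.signOut();
  return b.bearer();
}

console.log('cached, logout from B:', logoutBearerFromSecondInstance(CachedAuthClient));
console.log('storage-first, logout from B:', logoutBearerFromSecondInstance(StorageFirstAuthClient));
console.log('cached, after A signs out:', bearerAfterOtherInstanceSignsOut(CachedAuthClient));
```

The first case reproduces the symptom reported above (the anon key sent as the bearer on logout); the third shows the opposite failure, where a cached instance keeps presenting a token after another instance has signed out.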