auth-ui icon indicating copy to clipboard operation
auth-ui copied to clipboard

Published 20 hours ago verified publisher icon supabase-community

UserContext setSession resets valid provider_token

Open plondon opened this issue 2 years ago • 1 comments

Bug report

Describe the bug

When onAuthStateChange is called from the UserContext provider for the TOKEN_REFRESHED event the new session does not contain a provider_token. This means the user can no longer interact with the provider api, even though the old provider_token is still valid.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

The

  1. Go to https://app.supabase.com/project/<project_id>/auth/settings
  2. Enable github provider
  3. Set JWT expiry limit to 20 seconds
  4. Login via github on the client
  5. Wait 20 seconds, see that the new session has removed the provider_token

Expected behavior

I'm not sure what the correct behavior should be here, but the provider_token should not be lost without being refreshed. If the provider_token is still valid there is no reason to remove it from the session.

Additional context

The issue stems from setting the session without the old provider_token here: https://github.com/supabase-community/auth-ui/blob/main/packages/react/src/components/Auth/UserContext.tsx#L30

plondon avatar Sep 27 '22 14:09 plondon

Similar discussion: https://github.com/supabase/gotrue-js/issues/131

plondon avatar Sep 27 '22 14:09 plondon