auth-js icon indicating copy to clipboard operation
auth-js copied to clipboard

Published 20 hours ago verified publisher icon supabase

don't send expired JWTs

Open awalias opened this issue 3 years ago • 6 comments

We might want to verify the JWT expiry date locally before sending to the server to query for data, then if there's a refresh_token stored locally we might be able to refresh it before making the request, or otherwise triggering a listenable event on the client

related: https://github.com/supabase/supabase/discussions/889 related: https://github.com/supabase/supabase-js/issues/178

awalias avatar Jun 07 '21 03:06 awalias

First-time contributor here, I'd be happy to take a look at this if it's up for grabs

velocity23 avatar Sep 30 '21 11:09 velocity23

Having a look now, thinking of putting the checks in SupabaseClient in the _getAuthHeaders method as a starting point to check on client initialization then opening PRs to the GoTrue, PostgREST, Realtime, and Storage clients to check per request. Would that work @awalias?

velocity23 avatar Oct 01 '21 01:10 velocity23

+1 for this. During development I've noticed some issues where if the Chrome engine is inactive for a little bit (say, your comp was on standby) but the tab is still open, I can only assume my JWT will have expired, as I can't query rows. After a little bit, it "fixes" itself, but this is a little annoying to handle as it should be handled as part of the library.

gitbugr avatar Dec 04 '21 19:12 gitbugr

It's beyond annoying to always be logged out of supabase apps, including the supabase dashboard.

vbylen avatar Jun 25 '22 14:06 vbylen

Yeah, second this

PH4NTOMiki avatar Jul 14 '22 11:07 PH4NTOMiki

I think this is fixed now with v2. Congratulations supabase team 👏

vbylen avatar Aug 16 '22 23:08 vbylen