auth-js icon indicating copy to clipboard operation
auth-js copied to clipboard
verified publisher icon supabase

V2 getUser with no session and no jwt builds incorrect jwt, incorrect authorization header and gets 401 error

Open GaryAustin1 opened this issue 3 years ago • 1 comments

Bug report

When called without a session and a JWT parameter this code: https://github.com/supabase/gotrue-js/blob/66cebfad24d77f610a92a88d40f5d9bc025cf7c5/src/GoTrueClient.ts#L479

is incorrect. It copies "bearer longjwt" to the jwt. When this happens and the request goes out the header is now:

image

To Reproduce

Call getUser() on a browser with no local storage from previous sign in.

Expected behavior

Correct jwt and header set.

Actually would have preferred getUser just return null with no jwt parameter and no session in local storage instead of wasting time sending the anon jwt to the gotrue server.

I used .user() in v1 to see if there was a user in local storage, in v2 I converted that to getUser, but missed that it will attempt to call the database. Now switched to getSession and then session.user.

System information

supabase-js rc.6

GaryAustin1 avatar Aug 27 '22 12:08 GaryAustin1

I wish I saw this earlier. Just spent a lot of time finding the same line of code 😅

robertn702 avatar Aug 27 '22 17:08 robertn702

I believe this has been fixed.

hf avatar Dec 30 '22 18:12 hf