auth-js

PKCE flow issue with other than supabase `code` query in URL

Open vachmara opened this issue 1 year ago • 1 comment

Bug report

  • [x] I confirm this is a bug with Supabase, not with my own application.
  • [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

I am using the @nuxtjs/supabase package and I encounter a bug described in this issue.

I am not able to use other PKCE flows because each time the third app redirects to my main app, GoTrueClient tries to refresh the session with the incorrect code parameter in the URL despite using detectSessionInUrl at initialization of GoTrueClient.

I believe this function _isPKCEFlow should only watch specific URLs to manage other PKCE flows.

To Reproduce

  1. Set up a project with nuxt/supabase.
  2. Build a simple authentication system.
  3. On any page, use a query parameter ?code=random.

Expected behavior

Automatically, the GoTrueClient will try to set up a session at initialization and log out the current user, which is problematic.

vachmara • May 15 '24 12:05
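One way to scope the check the report asks for, as an added example that is not part of the original issue and is not code from auth-js or @nuxtjs/supabase: a guard that treats a `code` query parameter as this app's own PKCE callback only on the registered callback route and only when a flow is actually pending. The function name, option names, origin and `/auth/callback` path are assumptions made for illustration.

```javascript
// Hypothetical guard; names and options are assumptions, not auth-js APIs.
// Decides whether a `code` query parameter belongs to this app's own PKCE
// callback before any code-for-session exchange is attempted.
function isOwnPkceCallback(href, { appOrigin, callbackPath, hasPendingVerifier }) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return false; // unparsable URL: never treat it as an auth callback
  }
  // Only the registered callback route may carry this provider's code.
  if (url.origin !== appOrigin) return false;
  const path = url.pathname.replace(/\/+$/, '') || '/';
  if (path !== callbackPath) return false;
  // A code is only meaningful if this client started a PKCE flow and
  // still holds the matching code verifier.
  if (!hasPendingVerifier) return false;
  // Reject missing, empty or duplicated parameters instead of guessing.
  const codes = url.searchParams.getAll('code');
  return codes.length === 1 && codes[0].length > 0;
}

// Constructed configuration and sample URLs (not taken from the issue).
const opts = {
  appOrigin: 'https://app.example',
  callbackPath: '/auth/callback',
  hasPendingVerifier: true,
};
const samples = [
  'https://app.example/auth/callback?code=abc123',       // own callback
  'https://app.example/integrations/return?code=random', // third-party PKCE redirect
  'https://app.example/?code=random',                    // arbitrary page, as in the repro
  'https://app.example/auth/callback?code=',             // empty code
];

function classify(urls, options) {
  return urls.map((u) => isOwnPkceCallback(u, options));
}

console.log(classify(samples, opts));
```

With a guard like this, a redirect from another provider that lands on a different route is ignored by the session logic, so the signed-in user's session is left untouched.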