supabase-js
Error on exchangeCodeForSession when setting the token key for password recovery
Bug report
- [x] I confirm this is a bug with Supabase, not with my own application.
- [x] I confirm I have searched the Docs, GitHub Discussions, and Discord.
Describe the bug
I was trying to work on a more detailed workflow when recovering the password, and when I was taking a look at the source code, I've found a possible bug.
When the recovery token is recorded into the storage, the key stored is sb-api-auth-token-code-verifier, but when the code tries to exchangeCodeForSession at line 545, it uses ${this.storageKey}-code-verifier.
this.storageKey is a constant set in constants.ts named STORAGE_KEY, and its value is supabase.auth.token.
Due to this, when exchangeCodeForSession is executed, since it doesn't find the code-verifier, I receive this error:
AuthApiError: invalid request: both auth code and code verifier should be non-empty
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
- Send an email password reset link
- Check the storage key created
- Click on the reset link
- When redirected to your site with the code query string, try to execute exchangeCodeForSession with this value
- See the error on console
Expected behavior
Recover the session to reset the password properly
System information
- OS: macOS
- Browser (if applies): Chrome
- Version of supabase-js: 2.39.3
- Version of @nuxtjs/supabase: 1.1.5
- Version of VueJs: 3.3.8
- Version of Node.js: 18.16.0
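
The lookup mismatch described in the report, as an added example that is not supabase-js source and not part of the original post: a small JavaScript model of a verifier written under one storage key and read back under another, plus a pre-flight check a callback handler could run. `MemoryStorage`, `startFlow`, `exchangeCode` and `diagnoseVerifier` are hypothetical names, the verifier and code values are constructed, and the two storage keys and the error text are the ones quoted above.

```javascript
// Added illustration: a model of the lookup described in the report, not supabase-js source.
const SUFFIX = "-code-verifier";

// In-memory stand-in for localStorage or a cookie jar (constructed for this example).
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(k, v); }
  removeItem(k) { this.items.delete(k); }
  keys() { return [...this.items.keys()]; }
}

// Flow start: the verifier is written under the initiating client's storageKey.
function startFlow(storage, storageKey, verifier) {
  storage.setItem(storageKey + SUFFIX, verifier);
}

// Callback: the verifier is read back under the exchanging client's storageKey.
// A missing verifier is modelled with the error text quoted in the report.
function exchangeCode(storage, storageKey, code) {
  const key = storageKey + SUFFIX;
  const verifier = storage.getItem(key);
  if (!code || !verifier) {
    return { ok: false, error: "both auth code and code verifier should be non-empty" };
  }
  storage.removeItem(key); // a verifier is single-use
  return { ok: true, error: null };
}

// Pre-flight check for a callback handler: is a verifier stored, and under which key?
function diagnoseVerifier(storage, storageKey) {
  const expected = storageKey + SUFFIX;
  const found = storage.keys().filter((k) => k.endsWith(SUFFIX));
  if (found.includes(expected)) return { status: "ok", expected, found };
  // A verifier exists under another key: the two clients are configured differently.
  if (found.length > 0) return { status: "key-mismatch", expected, found };
  // Nothing stored: the flow started in a different browser or storage, or the write was lost.
  return { status: "missing", expected, found };
}

// Constructed scenario using the two key names from the report.
function demo() {
  const storage = new MemoryStorage();
  startFlow(storage, "sb-api-auth-token", "constructed-verifier-value");
  const before = diagnoseVerifier(storage, "supabase.auth.token");
  const failed = exchangeCode(storage, "supabase.auth.token", "constructed-code");
  const fixed = exchangeCode(storage, "sb-api-auth-token", "constructed-code");
  return { before, failed, fixed };
}
```

Running `diagnoseVerifier` against the real storage before calling the exchange separates a key mismatch between two client configurations from a verifier that was never stored in this browser or request context.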
Same bug here, I got this error message:
```
AuthApiError: invalid request: both auth code and code verifier should be non-empty
    at handleError (/Users/.../node_modules/@supabase/auth-js/dist/main/lib/fetch.js:63:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async _handleRequest (/Users/.../node_modules/@supabase/auth-js/dist/main/lib/fetch.js:111:9)
    at async _request (/Users/.../node_modules/@supabase/auth-js/dist/main/lib/fetch.js:89:18)
    at async SupabaseAuthClient._exchangeCodeForSession (/Users/.../node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:409:33)
    at async /Users.../node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:736:28 {
  __isAuthError: true,
  status: 400,
  code: undefined
```
I have followed these steps from the docs:
```tsx
// sign-in.tsx
const { data, error } = await supabase.auth.signInWithOAuth({
  provider: "google",
  options: {
    redirectTo: "http://localhost:5173/auth/callback",
  },
});
if (data.url) {
  return redirect(data.url);
}
```
The auth callback route returned by Google only contains code, state, scope, etc.
```ts
import { type LoaderFunctionArgs, redirect } from "@remix-run/cloudflare";
import { supabaseClient } from "~/services/supabase.server";

export async function loader({ request, context }: LoaderFunctionArgs) {
  const requestUrl = new URL(request.url);
  const code = requestUrl.searchParams.get("code");
  const next = requestUrl.searchParams.get("next") || "/";
  const headers = new Headers();
  console.log("code login\t", code);
  if (code) {
    const supabase = supabaseClient(request, context, headers);
    const { error } = await supabase.auth.exchangeCodeForSession(code);
    if (!error) {
      return redirect(next, { headers });
    }
  }
  // return the user to an error page with instructions
  return redirect("/auth/auth-code-error", { headers });
}
```
I am getting the same error:
```
AuthApiError: invalid request: both auth code and code verifier should be non-empty
    at handleError (/home/hmlesam/FlashNDot/saralcms/dashboard/node_modules/.pnpm/@supabase+auth-js@2.64.4/node_modules/@supabase/auth-js/dist/main/lib/fetch.js:63:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async _handleRequest (/home/hmlesam/FlashNDot/saralcms/dashboard/node_modules/.pnpm/@supabase+auth-js@2.64.4/node_modules/@supabase/auth-js/dist/main/lib/fetch.js:108:9)
    at async _request (/home/hmlesam/FlashNDot/saralcms/dashboard/node_modules/.pnpm/@supabase+auth-js@2.64.4/node_modules/@supabase/auth-js/dist/main/lib/fetch.js:89:18)
    at async SupabaseAuthClient._exchangeCodeForSession (/home/hmlesam/FlashNDot/saralcms/dashboard/node_modules/.pnpm/@supabase+auth-js@2.64.4/node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:408:33)
    at async /home/hmlesam/FlashNDot/saralcms/dashboard/node_modules/.pnpm/@supabase+auth-js@2.64.4/node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:719:28
{
  __isAuthError: true,
  status: 400,
  code: 'validation_failed'
}
```
System Information:
- OS: Fedora
- Nodejs: 20.11.0
- "@supabase/ssr": "^0.4.0"
- "@supabase/supabase-js": "^2.45.0"
- Framework Remix: "@remix-run/cloudflare": "^2.10.3", "@remix-run/cloudflare-pages": "^2.10.3", "@remix-run/react": "^2.10.3"