-
-
Notifications
You must be signed in to change notification settings - Fork 168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: don't refresh session if autoRefreshToken setting is set to false #925
base: master
Are you sure you want to change the base?
Conversation
fix: don't refresh access token if autoRefreshToken is disabled
What's your use case here, and what issue are you running into? |
I am using the Supabase JavaScript client in a NestJS service. This service retrieves the access token from the incoming request to set the session. This setting of the session should not refresh the token automatically on the server side but instead just return an |
I removed the change that makes the |
After setting the session, do you use methods like If not, then this PR would be more applicable once it's released: supabase/supabase-js#1004 |
In my opinion, supabase/supabase-js#1004 and my PR solve/fix two different things. supabase/supabase-js#1004 solves the problem of providing an access token to the Supabase client to make API requests. However, my PR I believe still is fixing a bug where the I would end up using the new API on the server side as described in that PR you linked to. That is a nice solution. |
Do you have anymore feedback regarding this PR? |
Moving this PR forward isn't up to me, as I don't have approval permissions. I know the auth team can get pretty busy, so I'm not sure if/when they will comment. I think there could be some more things to think about with this, because the _loadSession method also checks for token expiration. |
What kind of change does this PR introduce?
Bug fix - Supabase client will obey
autoRefreshToken
setting when setting a session with an expired access tokenWhat is the current behavior?
When a Supabase client is initialized with
{ auth: { autoRefreshToken: false } }
but a session is set with
client.setSession()
and the access token has expired the client will disregard theautoRefreshToken
setting and attempt to refresh the session.What is the new behavior?
The client will not attempt to refresh an expired session when it is set with
client.setSession()
andautoRefreshToken
is set tofalse
.