don't send expired JWTs #403
Comments
First-time contributor here, I'd be happy to take a look at this if it's up for grabs
Having a look now, thinking of putting the checks in SupabaseClient in the _getAuthHeaders method as a starting point to check on client initialization then opening PRs to the GoTrue, PostgREST, Realtime, and Storage clients to check per request. Would that work @awalias?
+1 for this. During development I've noticed some issues where if the Chrome engine is inactive for a little bit (say, your comp was on standby) but the tab is still open, I can only assume my JWT will have expired, as I can't query rows. After a little bit, it "fixes" itself, but this is a little annoying to handle as it should be handled as part of the library.
It's beyond annoying to always be logged out of supabase apps, including the supabase dashboard.
Yeah, second this
I think this is fixed now with v2. Congratulations supabase team 👏
I am still experiencing this issue with
If not fixed, with v2 there should be better behavior. We're not seeing problems on app.supabase.com or many other projects. With supabase/postgrest-js#335 this should become even better. I'll close the issue now, do continue to comment if you have any further issues. @cohlar Would you mind using the very latest v2 of the library? Do have in mind that if you're doing server side rendering there can be some confusing behavior that looks like this issue.
We might want to verify the JWT expiry date locally before sending to the server to query for data, then if there's a `refresh_token` stored locally we might be able to refresh it before making the request, or otherwise triggering a listenable event on the client
related: supabase/supabase#889
related: #620
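
The pre-request check proposed in this issue, sketched as an added example (not supabase-js code and not written by anyone in this thread). The function names, the 30-second skew margin and the sample tokens are assumptions constructed for illustration.

```javascript
// Added example, not supabase-js code. All function names here are hypothetical.
const SKEW_SECONDS = 30; // assumed margin for clock drift and request latency

// Read the `exp` claim (seconds since epoch) from a JWT without verifying it.
// This is only a client-side hint: the server still validates the signature.
function jwtExpiry(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    // base64url -> base64 (in a browser, atob() would replace Buffer here)
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return Number.isFinite(payload.exp) ? payload.exp : null;
  } catch {
    return null; // malformed payload: treat the token as unusable
  }
}

// A token with no readable `exp` is treated as expired (conservative choice).
function isExpired(token, nowSec, skewSec = SKEW_SECONDS) {
  const exp = jwtExpiry(token);
  return exp === null || exp - skewSec <= nowSec;
}

// Decide what to do before attaching the Authorization header.
// 'send': token still valid; 'refresh': use the stored refresh_token first;
// 'signed_out': nothing to refresh with, so fire the listenable event.
function preRequestAction(session, nowSec = Math.floor(Date.now() / 1000)) {
  if (session && session.access_token && !isExpired(session.access_token, nowSec)) return 'send';
  if (session && session.refresh_token) return 'refresh';
  return 'signed_out';
}

// Constructed sample token: realistic header/payload shape, placeholder signature.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const now = 1700000000; // fixed clock so the run is reproducible
const fresh = makeSampleToken({ sub: 'user-1', exp: now + 3600 });
const stale = makeSampleToken({ sub: 'user-1', exp: now - 60 });
console.log(preRequestAction({ access_token: fresh }, now));
console.log(preRequestAction({ access_token: stale, refresh_token: 'r1' }, now));
console.log(preRequestAction({ access_token: stale }, now));
```

The skew margin makes a token that is about to expire count as expired, so a request is not sent with a JWT that lapses in flight.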