-
-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update README and docs to explain JWT refresh flow #805
Comments
For example I see this code
from another issue: #452 (comment) Is this the recommended way to handle refresh? |
Right now I have added some code like this:
Where ProfileNotifier is the Provider class which holds onto the user reference.. so I am forcing a refresh token call before every network call if either the session has disappeared but the user is logged in (the provider class holds a valid id), or if the session is present but the token has expired. Does this make sense? Am I handling this correctly? |
I am also not relying on the session state for any of my UI since I have found it to be unreliable. I am relying only on my user state Provider for that. Should we be able to depend on session state for UI? If it is true that we cannot this is something else which I think should be really explicitly documented. |
@ellmaki Would you explain why you thought you had to implement the complicated workarounds you have shared? |
I am also not relying on the session state for any of my UI since I have found it to be unreliable. I am relying only on my user state Provider for that. Should we be able to depend on session state for UI? If it is true that we cannot this is something else which I think should be really explicitly documented. Yes, you can rely on the Supabase auth state in your UI. If |
I think this was possibly the source of all of my problems #806 |
That sounds good, and sorry for the confusion. |
Thanks for addressing it quickly. |
@dshukertjr I want to verify that things are fixed on my end - do you have advice for simulating a JWT expiration event? |
Thank you. Through forcing the expiration I have confirmed that my bugs came from the currentUser null issue. |
Glad to hear that things are working out for you now! |
Right now it is very confusing how to handle the JWT refresh flow for supabase with flutter. It is my understanding that the supabase package is supposed to generate a new access token automatically, but this is not a clear flow.
For example: are currentUser and currentSession reliably not-null anytime a user is authenticated? I have run into situations where they appear temporarily null inspite of the user being logged in. This has broken key parts of my app UI.
Is there any code needed on the client side to handle JWT refresh?
Are we supposed to listen to onAuthStateChanged to handle the JWT refresh?
Really a simple guide for Supabase and Flutter using something like Provider around persisting auth state and handling the JWT refresh would be immensely appreciated. As it stands this flow is very hard to figure out.
The text was updated successfully, but these errors were encountered: