"Stay signed in" option for auth #208

Closed
churichard opened this issue Jun 23, 2021 · 3 comments
Labels
enhancement New feature or request

Comments

@churichard

Feature request

Is your feature request related to a problem? Please describe.

I'm constantly needing to log back into my app, even though I've set the expiration date to be a week long and have autoRefreshToken set to true. It seems like I need to re-enter my credentials even if the token is not actually expired (i.e. I need to re-enter my credentials even though a week has not passed since the last time I did it). This happens both on localhost and on my production website. The expiration date also doesn't matter; I've set it to be either the minimum or the maximum and the same behavior occurs.

If autoRefreshToken is true, I would expect the token to be automatically refreshed without needing to enter my credentials again. In other words, if I've logged in once, I should stay logged in unless I've explicitly logged out or cleared my cookies/cache.

Basically what I'm looking for is something that works equivalently to a "Stay signed in" checkbox that's present on most websites, which is AFAIK not possible with Supabase at the moment. You don't need to log in to GitHub/Twitter/YouTube every day you open the website, which is unfortunately pretty much the experience I have with Supabase Auth right now.

Describe the solution you'd like

If I've logged in once, I should stay logged in unless I've explicitly logged out or cleared my cookies/cache. This means no 401 errors, and no prompting to log in.

Ideally, the auto-refreshing of the token would actually function completely offline. So if the app is a PWA and you've already signed in online once, then you should still be authenticated if you visit the app again when you're offline.

This "stay signed in" option could be a separate opt-in parameter. But most likely, if autoRefreshToken is true, then most people would expect that this is the behavior that happens (that's certainly my assumption).

Describe alternatives you've considered

No way to do this in Supabase AFAIK.

Additional context

Potentially fixing supabase/auth-js#403 might fix this issue as well.

@churichard churichard added the enhancement New feature or request label Jun 23, 2021
@churichard
Author

I moved to using client-side auth and everything works as I would expect. So for anyone looking at this issue who's using Next.js, instead of following the Next.js + Supabase example, I would recommend handling everything client-side instead (i.e. do not use getServerSideProps).

@churichard
Author

churichard commented Sep 4, 2021

I'm reopening this because I'm still getting logged out even when using client-side auth. It would be really, really great if I could stay logged in.

For context, the refresh token is being persisted locally. When the user tries to navigate to the app, I'm calling the signIn method on Supabase Auth with the refresh token. Ideally, this would give a valid user and session and call the onAuthStateChange callback. But this is not happening; the user sometimes still needs to re-enter their credentials.

If I could, I would actually change this issue to be a bug, because I'm pretty sure this is not the behavior most people expect to have when autoRefreshToken is true.

@churichard churichard reopened this Sep 4, 2021
@churichard
Author

Closing in favor of #254. Please see that issue for updated details.
