When onAuthStateChange is called from the UserContext provider for the TOKEN_REFRESHED event the new session does not contain a provider_token. This means the user can no longer interact with the provider api, even though the old provider_token is still valid.
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Wait 20 seconds, see that the new session has removed the provider_token
Expected behavior
I'm not sure what the correct behavior should be here, but the provider_token should not be lost without being refreshed. If the provider_token is still valid there is no reason to remove it from the session.
Bug report
Describe the bug
When
onAuthStateChange
is called from theUserContext
provider for theTOKEN_REFRESHED
event the newsession
does not contain aprovider_token
. This means the user can no longer interact with the provider api, even though the oldprovider_token
is still valid.To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
The
Expected behavior
I'm not sure what the correct behavior should be here, but the provider_token should not be lost without being refreshed. If the provider_token is still valid there is no reason to remove it from the session.
Additional context
The issue stems from setting the session without the old provider_token here: https://github.com/supabase-community/auth-ui/blob/main/packages/react/src/components/Auth/UserContext.tsx#L30