search

supabase-community / auth-ui

Pre-built Auth UI for React
https://supabase.com/docs/guides/auth/auth-helpers/auth-ui
MIT License
487 stars 121 forks source link

UserContext setSession resets valid provider_token #33

Open plondon opened 1 year ago

plondon commented 1 year ago

Bug report

Describe the bug

When onAuthStateChange is called from the UserContext provider for the TOKEN_REFRESHED event the new session does not contain a provider_token. This means the user can no longer interact with the provider api, even though the old provider_token is still valid.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

The

  1. Go to https://app.supabase.com/project//auth/settings
  2. Enable github provider
  3. Set JWT expiry limit to 20 seconds
  4. Login via github on the client
  5. Wait 20 seconds, see that the new session has removed the provider_token

Expected behavior

I'm not sure what the correct behavior should be here, but the provider_token should not be lost without being refreshed. If the provider_token is still valid there is no reason to remove it from the session.

Additional context

The issue stems from setting the session without the old provider_token here: https://github.com/supabase-community/auth-ui/blob/main/packages/react/src/components/Auth/UserContext.tsx#L30

plondon commented 1 year ago

Similar discussion: https://github.com/supabase/gotrue-js/issues/131