Closed Shabinder closed 2 months ago
Seems like you are having the same problem as in #704. This doesn't look like it's supabase-kt's fault (just tried a similar forgot password flow). Are you using a self-hosted Supabase instance?
Are you using a self-hosted Supabase instance?
Yes, I am.
Hey team,
Thanks for flagging the issue.
The above error typically indicates that there’s a signing mismatch (e.g. the token was signed symmetrically and the received token is asymmetric, or the secret the token was signed with doesn’t tally with the signature component of the token).
Could we trouble you to share the non-sensitive components of the .env config for the Auth component of the self-hosted stack, if available? That would help.
Let us know
Yes, I can share the needed info.
Also an update: since I am not in production, I experimented by creating a Supabase test project, then I set up auth with providers and redirect URIs there and used the client with that; all flows worked.
Then I used the JWT, Anon, Secrets from the Supabase test project to set up a new docker environment, so that I could conclude there is no other difference except being a hosted & cloud version, and the issue still persists.
tldr: using the same secrets as in the cloud test project in my hosted version, the client works with the cloud URL but fails with the above trace in the hosted version.
Logs from supabase-auth docker container:
supabase-auth | {"component":"api","error":"token signature is invalid: signing method RS256 is invalid","level":"info","method":"PUT","msg":"403: invalid JWT: unable to parse or verify signature, token signature is invalid: signing method RS256 is invalid","path":"/user","referer":"soundbound://login","remote_addr":"MY_IP","request_id":"9f7889fd-11f3-4365-b4a8-3c2722524c1a","time":"2024-09-02T13:41:47Z"}
supabase-auth | {"component":"api","duration":225161,"level":"info","method":"PUT","msg":"request completed","path":"/user","referer":"soundbound://login","remote_addr":"MY_IP","request_id":"9f7889fd-11f3-4365-b4a8-3c2722524c1a","status":403,"time":"2024-09-02T13:41:47Z"}
lmk if I can share/do anything more to help, will be blocked on this..., will wait to hear back from you.
We'll probably have to wait until J0 responds, but I could imagine that re-using the secrets from the hosted version may be a problem.
but I could imagine that re-using the secrets from the hosted version may be a problem.
That was just done as a last resort, just to check; even with my own keys, the problem is the same.
We'll probably have to wait until J0 responds
Yeah, will be doing that, since I can't move forward with finalising Supabase as the backend of choice until this blocker is cleared.
More diagnosing data: I verified my session token which is being sent (see below image); it's correctly using HS256.
So the issue now is: why is supabase/auth responding back with an error saying the algo is RS256...
I am back 🙃,
after trying a lot of things, I found that performing the same curl from localhost directly on the port worked,
then I tested my nginx config and found it was quite alright; I had some issue in my Cloudflare setup of domain forwarding.
After fixing that, all works like a charm.
I hope this whole errand might be helpful for someone who faces the same at a later point, and he may remember checking all of the above first.
Nonetheless, thanks guys, I appreciate all the help.
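The check discussed in this thread (which algorithm the token header declares, and whether the signature matches the shared secret), as an added Python example that is not part of the original thread, supabase-kt or Supabase Auth. The secret and both sample tokens are constructed, and `diagnose` and `build` are hypothetical helpers; the idea is to run the same check on the token as sent by the client and as captured behind the proxy.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def hs256(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def diagnose(token: str, secret: bytes) -> str:
    """Classify a bearer token the way an HS256-only verifier would (hypothetical helper)."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    try:
        alg = json.loads(b64url_decode(parts[0])).get("alg")
        signature = b64url_decode(parts[2])
    except (ValueError, AttributeError):
        return "malformed"
    # Reject on the declared algorithm first: a non-HS256 header is refused
    # no matter what the signature bytes are.
    if alg != "HS256":
        return f"wrong-alg:{alg}"
    if not hmac.compare_digest(hs256(f"{parts[0]}.{parts[1]}", secret), signature):
        return "bad-signature"
    return "ok"

def build(alg: str, claims: dict, signature_for) -> str:
    """Assemble a constructed sample token for this demo only."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{b64url_encode(signature_for(signing_input))}"

SECRET = b"constructed-demo-secret"  # stands in for the Auth JWT secret
CLAIMS = {"sub": "constructed-user", "role": "authenticated"}
SENT = build("HS256", CLAIMS, lambda s: hs256(s, SECRET))        # token the client sends
RECEIVED = build("RS256", CLAIMS, lambda s: b"placeholder-sig")  # a different token arriving

if __name__ == "__main__":
    for label, tok in (("client side", SENT), ("behind proxy", RECEIVED)):
        print(f"{label:13} {diagnose(tok, SECRET)}")
```

If the two results differ, the token was changed or replaced somewhere between the client and the Auth container, which points at the proxy layer rather than the client library or the secrets.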
General Info
Version(s)
2.6.0
Kotlin Target(s) and their respective versions
JVM 21
What happened? (include your code)
Refer Flow below:
Note: using PKCE auth flow.
Steps To Reproduce (optional)
auth.updateUser { this.password = newPassword }
Auth API error: bad_jwt
Relevant log output (optional)