Closed bhark closed 1 year ago
I can't replicate this in any of the example repos I have. Also the stackblitz example doesn't work because there are CORS issues with stackblitz. You can view one of the example repo here https://github.com/supabase-community/supabase-by-example/tree/main/reset-flow/sveltekit
@silentworks Thanks for looking into this. I tried cloning the repo you linked, and setting up a new, blank supabase project, and am getting a different issue (which seems kind of related):
Signing up and clicking the magic link results in /logging-in?redirect=/#
hanging, and this error:
[1] AuthRetryableFetchError: fetch failed
[1] at /home/akhefale/tetrabit/sb-test/node_modules/@supabase/gotrue-js/dist/main/lib/fetch.js:30:16
[1] at Generator.next (<anonymous>)
[1] at /home/akhefale/tetrabit/sb-test/node_modules/@supabase/gotrue-js/dist/main/lib/fetch.js:8:71
[1] at new Promise (<anonymous>)
[1] at __awaiter (/home/akhefale/tetrabit/sb-test/node_modules/@supabase/gotrue-js/dist/main/lib/fetch.js:4:12)
[1] at handleError (/home/akhefale/tetrabit/sb-test/node_modules/@supabase/gotrue-js/dist/main/lib/fetch.js:27:40)
[1] at /home/akhefale/tetrabit/sb-test/node_modules/@supabase/gotrue-js/dist/main/lib/fetch.js:87:35
[1] at processTicksAndRejections (node:internal/process/task_queues:96:5) {
[1] __isAuthError: true,
[1] status: 0
[1] }
Manually navigating to /auth/signin
afterwards results in this error:
[1] AuthApiError: Invalid Refresh Token
[1] at /home/akhefale/tetrabit/sb-test/node_modules/@supabase/gotrue-js/dist/main/lib/fetch.js:41:20
[1] at processTicksAndRejections (node:internal/process/task_queues:96:5) {
[1] __isAuthError: true,
[1] status: 400
[1] }
Trying to log in, then, results in the original error:
[1] AuthApiError: Rate limit exceeded
[1] at /home/akhefale/tetrabit/supabase-by-example/reset-flow/sveltekit/node_modules/@supabase/gotrue-js/dist/main/lib/fetch.js:41:20
[1] at processTicksAndRejections (node:internal/process/task_queues:96:5) {
[1] __isAuthError: true,
[1] status: 429
[1] }
The refresh token being sent seems valid to me.
I'm also experiencing an infinite invalidation loop in onAuthStateChange
except it occurs when an error boundary is rendered @silentworks. I discovered it by clicking a link to a page in my app that doesn't exist. Currently trying to determine the root cause of this and will report back if I'm able to identify it this evening.
Reproduction Repo:
StackBlitz - Just add a .env with PUBLIC_SUPABASE_ANON_KEY
& PUBLIC_SUPABASE_URL
Manual Repro Steps:
+layout.svelte
, add a link to a page that doesn't exist (/whatever).<a>
elementinvalidate('supabase:auth')
I'm running into the same issue described above.
Whenever hitting a 404 page. it starts an infinite loop of invalidating invalidate('supabase:auth')
and then reloading over and over.
If I comment out invalidate('supabase:auth')
in ./src/routes/+layout.svelte and restart the project the infinite ceases.
@silentworks I was able to recreate the issue in the example repo you reference: https://github.com/supabase-community/supabase-by-example/tree/main/reset-flow/sveltekit by upgrading @supabase/supabase-js from v2.10.0
to v2.12.1
with pnpm i @supabase/supabase-js@latest
Issue seems to be directly related to underlying @supabase/gotrue-js
going from v2.15.0
to v2.16.0
https://github.com/supabase/gotrue-js/releases/tag/v2.16.0
pnpm i @supabase/supabase-js@latest
pnpm dev
http://localhost:5174/not-there
@huntabyte, @bhark
For other running into this issue you can resolve by overriding the dependant @supabase/gotrue-js version in your package json.
pnpm: https://pnpm.io/package_json#pnpmoverrides npm: https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides
The settings for overriding a nested depend package varies based on:
For example if you are using pnpm
with a monorepo
and have v2.12.1
of @supabase/supabase-js. You would add the below to your root package.json:
{
...
"pnpm": {
"overrides": {
"@supabase/supabase-js@2.12.1>@supabase/gotrue-js": "2.15.0"
}
}
}
@ralphwest1 tried this and still got the same issue
@adonis2611
The settings for overriding a nested depend package varies based on:
pnpm: https://pnpm.io/package_json#pnpmoverrides npm: https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides
I think we're talking about two different issues here, although they both seem to stem from gotrue.
It turns out that the main issue i posted can't be reliably reproduced. A colleague of mine with the exact same version of node and npm was able to run my codebase as is without issue, and after reinstalling Arch I can too.
The 404 loop that @ralphwest1 and @huntabyte is talking about can apparently be reliably reproduced. My colleague had this issue too, and I have it on my new system.
I'm also experiencing an infinite invalidation loop in
onAuthStateChange
except it occurs when an error boundary is rendered @silentworks. I discovered it by clicking a link to a page in my app that doesn't exist. Currently trying to determine the root cause of this and will report back if I'm able to identify it this evening.Reproduction Repo: StackBlitz - Just add a .env with
PUBLIC_SUPABASE_ANON_KEY
&PUBLIC_SUPABASE_URL
Manual Repro Steps:
1. Setup everything exactly as stated in the documentation 2. In the root `+layout.svelte`, add a link to a page that doesn't exist (/whatever). 3. Click the '/whatever' `<a>` element 4. Experience infinite loop of `invalidate('supabase:auth')`
@ralphwest1 and @huntabyte yeah I can replicate this. You can fix it by updating the script
section to be this instead, we will update the guides soon.
import { invalidate } from '$app/navigation';
import { onMount } from 'svelte';
import type { LayoutData } from './$types';
export let data: LayoutData;
$: ({ supabase, session } = data);
onMount(() => {
const {
data: { subscription }
} = supabase.auth.onAuthStateChange((event, _session) => {
if (_session?.expires_at !== session?.expires_at) {
invalidate('supabase:auth');
}
});
return () => {
subscription.unsubscribe();
};
});
Awesome, thanks for the swift response & solution!
Having the same problem here. Going to non existing route causes the infinite loop. The problem seems to be caused by invalidate('supabase:auth')
in +layout.svelte file.
If I comment invalidate('supabase:auth')
out the loop stops to occur.
EDIT: There is already a solution hereabove which I have overlooked. THANK YOU VERY MUCH.
StackBlitz
I've set up a Stackblitz with the same issue here. Create a .env and link it with a stock Supabase project of yours.Describe the bug
After signing in using valid credentials, the
invalidate('supabase:auth')
in+layout.svelte
is called rapidly, many times a second, until the API locks you out due to the rate limit being exceeded and the session is destroyed. Ifinvalidate('supabase:auth')
is commented out and replaced with aconsole.log
, it is fired about every other second and the session is maintained without issues.Network log shows a flood of (successful) requests to
/auth/v1/token?grant_type=refresh_token
, until the rate limiter steps in.Steps To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
npm create svelte@latest new-project
)+page.svelte
with a form element and submit the sign in form using valid credentialsExpected behavior
After setting up as according to the documentation here or here, I should be able to sign in and have a healthy session, which should be kept in sync and be available both server-side and client-side.
System information
Additional context
No typescript, no extra packages.