Open williamlmao opened 2 months ago
Facing the same issue with Facebook Business Login. Successful FB App OAUTH Hashed values return #access_token=
and others like error
, code
etc, that conflicts like OP said. Would be nice if we could somehow prefix-name the supabase ones so they do not interfere with other integrations that is not compatible with Supabase 'natively'.
Would be nice if we could add prefix like sb_
to all supabase hashvalues so there is no clashing.
This maybe isn't a complete bug, but I think it's something people should be aware of. An extra warning could be nice.
I was using
code=123
as a URL search param, completely unrelated to auth. Spent a couple hours trying to debug why a certain route was clearing auth cookies completely, turns out its because the nextjs auth callback file that you find in the supabase docs uses that search param.This results in this error:
helpers.js:108 POST http://localhost:54321/auth/v1/token?grant_type=pkce 403 (Forbidden)
andThis was a pretty tough one to debug. I would recommend adding a hint to the 403 PKCE forbidden error, or switching the search param here to use something more unique to supabase.