[Supabse + google cloud functions] I need the `auth.currentSession?.accessToken` to verify the user with the JWT secret, but I think it is not refreshed? #700
I am combining Supabase flutter client + Google Cloud Functions.
So, to verify my users I need to manually pass the JWT to cloud functions as Authorization: Bearer
I could obtain it from the Flutter client as Supabase.instance.client.auth.currentSession?.accessToken but I fear that when the JWT expires after 3600 seconds (as per default settings), the refreshed token accessed this way is not really updated.
I checked the function _handleTokenChanged at the path /lib/src/supabase_client.dart
void _handleTokenChanged(AuthChangeEvent event, String? token) {
if (event == AuthChangeEvent.tokenRefreshed ||
event == AuthChangeEvent.signedIn && _changedAccessToken != token) {
// Token has changed
_changedAccessToken = token; // <-- A
realtime.setAuth(token); // <-- B
} else if (event == AuthChangeEvent.signedOut ||
event == AuthChangeEvent.userDeleted) {
// Token is removed
realtime.setAuth(supabaseKey);
}
}
And it seems to me that both at point A and point B it does nothing to provide the new JWT to the singleton instance `Supabase.instance.client.auth.
So my question is, if I access the JWT to verify my user (in this way Supabase.instance.client.auth.currentSession?.accessToken) is it granted that I will always get the refreshed one? Or should I get it in some other way?
I am combining Supabase flutter client + Google Cloud Functions.
So, to verify my users I need to manually pass the JWT to cloud functions as
Authorization: Bearer
I could obtain it from the Flutter client as
Supabase.instance.client.auth.currentSession?.accessToken
but I fear that when the JWT expires after 3600 seconds (as per default settings), the refreshed token accessed this way is not really updated.I checked the function
_handleTokenChanged
at the path/lib/src/supabase_client.dart
And it seems to me that both at point
A
and pointB
it does nothing to provide the new JWT to the singleton instance`Supabase.instance.client.auth
.So my question is, if I access the JWT to verify my user (in this way
Supabase.instance.client.auth.currentSession?.accessToken
) is it granted that I will always get the refreshed one? Or should I get it in some other way?