supabase / supabase-flutter

Flutter integration for Supabase. This package makes it simple for developers to build secure and scalable products.
https://supabase.com/
MIT License
662 stars 155 forks

Flutter Web - Code verifier could not be found in local storage #836

Closed muezz closed 4 months ago

muezz commented 4 months ago

In flutter web, I am trying to authenticate the user by calling this:

await Supabase.instance.client.auth.signInWithOAuth(OAuthProvider.google, redirectTo: 'http://localhost:5000/login');

But I get the following error:

Error: AuthException(message: Code verifier could not be found in local storage., statusCode: null)
dart-sdk/lib/_internal/js_dev_runtime/private/ddc_runtime/errors.dart 294:3  throw_
packages/gotrue/src/gotrue_client.dart 301:7                                 exchangeCodeForSession

dshukertjr commented 4 months ago

What is the URL of the page that initiates the Google login process?

muezz commented 4 months ago

@dshukertjr My app is on http://localhost:5000/login when I click on the login button, which opens a popup where I can sign in to Google or, if that is already done, choose an account. After that, I am taken back to the login page, but the URL has a query param called code.

dshukertjr commented 4 months ago

Hmm, signInWithOAuth() should not open a popup, but should perform a redirect to the Google sign-in screen.

Could you share a screen recording of walking through the sign-in process?

muezz commented 4 months ago

This is really weird. When I was trying last night, it was definitely opening a popup. I just tried it now and it automatically logs me in because the Chrome session already has my profile. I tried in an incognito window and it redirected me to a Google sign-in page.

So, in short, I am not seeing the popup. Also, the code verifier bug does not happen after signing in. If I reload the page while the code is still in the URL, then I get the error, which is not really a realistic scenario as I expect to be redirected to another URL once the user has been authorized.

Side question: If I check the currentUser right after calling signInWithOAuth(), I get null. I think that is expected as the docs say that I need to listen for auth state change in the change listener. Is there a way to avoid that? I would really like to keep my business logic in one place because it is tightly coupled with some other custom logic.

There must be a way because Firebase allows it. I am not sure how they do it without ID Token though.

dshukertjr commented 4 months ago

> When I was trying last night, it was definitely opening a popup. I just tried it now and it automatically logs me in because the Chrome session already has my profile. I tried in an incognito window and it redirected me to a Google sign-in page.

Hmm, that is weird. If it happens again, please don't hesitate to report it!

> If I check the currentUser right after calling signInWithOAuth(), I get null. I think that is expected as the docs say that I need to listen for auth state change in the change listener. Is there a way to avoid that? I would really like to keep my business logic in one place because it is tightly coupled with some other custom logic.
>
> There must be a way because Firebase allows it. I am not sure how they do it without ID Token though.

Yeah, there is a slight delay after the redirect until the session is retrieved. Currently, the only way to retrieve the session and user safely is to listen to onAuthStateChange.
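
One way to keep post-login logic in a single place while still relying on onAuthStateChange, as suggested in the last reply. This is an added example, not code from the thread or from the supabase-flutter project; `waitForSession` and `runPostLoginLogic` are hypothetical names, and it assumes supabase_flutter v2 with `Supabase.initialize()` already completed.

```dart
import 'dart:async';

import 'package:supabase_flutter/supabase_flutter.dart';

/// Hypothetical helper (not part of supabase_flutter): completes with the
/// first non-null session delivered through onAuthStateChange.
Future<Session> waitForSession({
  Duration timeout = const Duration(seconds: 30),
}) {
  final auth = Supabase.instance.client.auth;

  // Covers the case where the session was set before we subscribed.
  final existing = auth.currentSession;
  if (existing != null) return Future.value(existing);

  final completer = Completer<Session>();
  final sub = auth.onAuthStateChange.listen(
    (AuthState state) {
      final session = state.session;
      if (session != null && !completer.isCompleted) {
        completer.complete(session);
      }
    },
    // Surface an error delivered on the stream instead of waiting for the
    // timeout to expire.
    onError: (Object error, StackTrace stack) {
      if (!completer.isCompleted) completer.completeError(error, stack);
    },
  );

  // Always cancel the subscription, whether we succeed, fail or time out.
  return completer.future.timeout(timeout).whenComplete(sub.cancel);
}

/// Hypothetical entry point: call it when the redirectTo page has loaded.
Future<void> runPostLoginLogic() async {
  try {
    final session = await waitForSession();
    // Business logic that needs the signed-in user goes here.
    print('Signed in as ${session.user.id}');
  } on TimeoutException {
    print('No session arrived; show the login button again.');
  } on AuthException catch (e) {
    // Treat a failed exchange as "not signed in" and restart the flow.
    print('Sign-in failed: ${e.message}');
  }
}
```

On Flutter web the OAuth redirect reloads the app, so `runPostLoginLogic()` has to run at startup of the page given as `redirectTo`, not on the line after `signInWithOAuth()`.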