search

supabase / supabase-flutter

Flutter integration for Supabase. This package makes it simple for developers to build secure and scalable products.
https://supabase.com/
MIT License
656 stars 154 forks source link

API for session restore using magic links #923

Closed henry2man closed 1 month ago

henry2man commented 1 month ago

Is your feature request related to a problem? Please describe. I'm using Flutter Web. Supabase Auth is able to perform passwordless logins. You can setup a redirect URL. I'm able to read Supabase session from URL hash query parameters (access_token, refresh_token and so on), but I don't see any way to inject this parameters into current goTrue auth client in order to restore the session from these parameters.

Describe the solution you'd like A clean, maybe automatic way to read URL Parameters and/or automatic session restoring during startup and/or via explicit method. Also error handling should be done.

Sample URL: http://127.0.0.1:3000/#access_token=aaa.bbbbbbbbb.ccccc&expires_at=1715302651&expires_in=3600&refresh_token=abcabcabc&token_type=bearer&type=recovery

Describe alternatives you've considered I've tried the refreshSession(newRefreshToken) during app bootstrap but sadly it looks that a proper session is needed before.

Additional context I'm using current latest version (2.5.2)

grdsdev commented 1 month ago

Hi @henry2man there is the getSessionFromUrl method.

Let me know if that solves your use case.

Thanks.

henry2man commented 1 month ago

Hi @henry2man there is the getSessionFromUrl method.

Let me know if that solves your use case.

Thanks.

I missed this one. Probably it will work, I'll confirm ASAP.

Maybe is this an opportunity to improve docs?

dshukertjr commented 1 month ago

@henry2man The supabase_flutter SDK will obtain the session without you having to do anything when your user clicks on the magic link and opens your Flutter app. You do not need to call neither getSessionFromUrl() or the refreshSession() method.

Sample URL: http://127.0.0.1:3000/#access_token=aaa.bbbbbbbbb.ccccc&expires_at=1715302651&expires_in=3600&refresh_token=abcabcabc&token_type=bearer&type=recovery

So the sample URL that you provided uses an implicit auth flow, which is not the default auth flow for supabase_flutter. How are you generating this magic link? Are you perhaps generating it on a non-Flutter app using supabase-js, and then opening the magic link on an Flutter app or something?

Whatever the situation is, you can probably fix this by setting the auth flow to implicit like this:

  await Supabase.initialize(
    url: supabaseUrl,
    anonKey: supabaseKey,
    authOptions: const FlutterAuthClientOptions(
      authFlowType: AuthFlowType.implicit,
    ),
  );
henry2man commented 1 month ago

My UI is incomplete. This link is generated via (local) studio UI > Authentication > User > Send Magic Link.

Thanks for these useful insights, I'll review them ASAP

henry2man commented 1 month ago 
    authOptions: const FlutterAuthClientOptions(
      authFlowType: AuthFlowType.implicit,
    ),

This is working like a charm.

there is the getSessionFromUrl method

getSessionFromURL only works if implicit AuthFlowType is pre-configured

Closing this, thanks.