supabase.auth.logout() throws "Invalid user" error.
#15
Comments
|
The only thing I could think is that the token is expired when you try to log out. A couple of questions:
|
I'm able to reproduce this multiple times within a time window of less than 1h
Yes, there are times where the logout call is successful. You can see in the network comms though that after the logout there is a login ( |
|
@thorwebdev are you just using the OG slack clone example here? |
|
@awalias yes, I'm able to observe this also on the official https://supabase-slack-clone.vercel.app/
|
|
could be some race-condition here? https://github.com/supabase/supabase/blob/1e49eaeb7e0540c9cc1e4dad627e779a33b0500f/examples/slack-clone/pages/_app.js#L43 |
|
issue is when a user instantiates two or more supabase clients - fix is to always check localStorage before adding this.accessToken as an auth bearer token to see if there is one on the browser |
|
It's gotrue logout api bug. The cookie is cleared before calling
|
|
On slack-clone app, after an However the next login/logout will trigger |
|
Oh we didn't update this issue after meeting @thorwebdev last week about this. The issue here is that Slack-clone app uses two different supabase client instances, and supabase-js only reads from local storage on initiation, and manages it's own state of which user is logged in after that point - so multiple clients can easily get out of sync on current user state Our options here are:
any other? |
|
@awalias what you describe seems to be another issue related to front-end. The original error reported by @thorwebdev is from gotrue logout api. It can be reproduced easily.
I already check Before |
|
I think the response from gotrue is actually correct in this instance, if you look at the request headers on the slack clone app, you will see that the apikey and auth bearer headers are the same, in this case the jwt being (mistakenly) sent is the
for comparison here is an example of a successful logout, with decoded jwt below: The bug seems to be that the supabase-js client calling the "double logout" seems to be coming from here: https://github.com/supabase/supabase/blob/fed822f48c5e441eb867fa756443e362ac47423f/examples/slack-clone/components/Layout.js#L59 |
|
also as a side note - we actually don't make use of the cookies set by go-true, we manage these ourselves using local storage inside supabase-js |
|
Thanks @awalias for clarification. After modifying |
|
Currently, supabase-js persists We should use localstorage as the source of true and don't keep them as class params. It's the same as how we get authHeader to supply PostgrestClient. What do you think? @kiwicopple |
maybe keep track of them internally but always check local storage first (if it exists?) |
|
- Fixes #32 Major DX change: response and error handling - Fixes #49 When no `supabaseKey` is passed in it throws an error - Fixes #31 chore: set up semantic releases - Fixes #15 `supabase.auth.logout()` throws "Invalid user" error. - Fixes #20 Auth: Change DX of user management - Fixes #30 Supabase auth interface missing informiation - Fixes supabase/supabase#147 supabase/supabase#147 - Partial fix for supabase/realtime-js#53 - if there is no token provided. The error needs to be caught at a socket level. - Adds magic links ## BREAKING CHANGES - See all breaking changes in RELEASE.md v1.0.0 - Errors are now returned and not thrown - Auth now uses `@supabase/gotrue-js` interface - `supabase.getSubscriptions()` only returns open subscriptions * Updates the config * chore: Migrates the basic outline to TS * Adds a simple example showing how it can be used. * chore: Moves tests to jest * chore: Adds semantic releases * Moves the subscription into it's own class * Updates the todo readme with simple instructions * Updates installs * Revverts commented code - sorry for the spam * docs: adds JSDoc to some functions * chore: Adds a function for backwards compat * chore: migrates the client to SupabaseClient * This change attempts to make the naming conventions the same as Thor's previously * Updates GoTrue to latest version * Adds generic type to the from, and updates the name of the query builder * Updates to latest versions of all packages * Updates the example to make sure it's working * Refactor SupabaseQueryBuilder * Adds prettier hook * Add TypeScript next.js example. * Declutter SupabaseClient and make work with gotrue-js changes. * Bumps the GoTrue version * Bumps postgrest to include the types * Temporarily adds the spec so that I can use it in our docs * Update examples and add resetPassword. * Bump gotrue-js version. * Update lockfile. * Add auth magic link capabilities. * Gotrue-js user and session method updates. * chore: Adds release notes Co-authored-by: Thorsten Schaeff <[email protected]> Co-authored-by: Thor 雷神 Schaeff <[email protected]>
I found this to only happen sometimes, but couldn't figure out why:
@kiwicopple have you seen this before?
The text was updated successfully, but these errors were encountered: