[Bug]: Auth refresh sessions is not working correctly about supabase-kt HOT 9 CLOSED

Great, if you change the default key, you should probably add a check to see if there is a session on the old namespace to prevent force logging out everyone who updates the library.

from supabase-kt.

I guess you could just provide a custom session manager, which saves sessions to separate keys depending on the build mode:
(this is a straight copy from the default one, see text below)

class CustomSessionManager @OptIn(SupabaseInternal::class) constructor(
    settings: Settings = createDefaultSettings()
) : SessionManager {

    @OptIn(ExperimentalSettingsApi::class)
    private val suspendSettings = settings.toSuspendSettings()

    @OptIn(ExperimentalSettingsApi::class, SupabaseInternal::class)
    override suspend fun saveSession(session: UserSession) {
        suspendSettings.putString(SETTINGS_KEY, supabaseJson.encodeToString(session))
    }

    @OptIn(ExperimentalSettingsApi::class, SupabaseInternal::class)
    override suspend fun loadSession(): UserSession? {
        val session = suspendSettings.getStringOrNull(SETTINGS_KEY) ?: return null
        return try {
            supabaseJson.decodeFromString(session)
        } catch(e: Exception) {
            Auth.logger.e(e) { "Failed to load session" }
            null
        }
    }

    @OptIn(ExperimentalSettingsApi::class)
    override suspend fun deleteSession() {
        suspendSettings.remove(SETTINGS_KEY)
    }

    companion object {

        private const val SETTINGS_DEBUG_KEY = "session_debug"
        private const val SETTINGS_RELEASE_KEY = "session_release"
        const val SETTINGS_KEY = if(BuildConfig.DEBUG) SETTINGS_DEBUG_KEY else SETTINGS_RELEASE_KEY

    }

}

val supabase = createSupabaseClient(
    "url",
    "key"
) {
    install(Auth) {
        sessionManager = CustomSessionManager()
    }
}

To make this easier, we could also make it possible to set the SETTINGS_KEY in the constructor of the "default" SettingsSessionManager(). So you wouldn't have to create a completely new class

from supabase-kt.

Hi @jan-tennert JS and Flutter SDKs uses the project ref as namespace

• supabase-js https://github.com/supabase/supabase-js/blob/master/src/SupabaseClient.ts#L85
• supabase-flutter https://github.com/supabase/supabase-flutter/blob/main/packages/supabase_flutter/lib/src/supabase.dart#L93

I'll be applying this change to Swift too, and it would be nice if Kotlin had the same behavior.

from supabase-kt.

Right, we should probably do this, and it would solve this issue, but we could still make this configurable.

from supabase-kt.

I can work on this. I will make it configurable and use the project reference as well.

from supabase-kt.

Btw here if I'm getting an UnauthorizedException, I should be logged out anyway right? Because it's not happening, maybe there's something missing there as well.

from supabase-kt.

If this exception is thrown while refreshing the session, the session should be getting cleared. Otherwise no.

from supabase-kt.

So the flow should be like this: Make call -> if the call is failing refresh -> if the refresh is failing clear.
In that case, the call is failing so the refresh should be called and the refresh should fail as well because the token is wrong and also we keep getting failures. If refresh if successful the next call should succeed but it's not the case.

from supabase-kt.

Not sure if I understand the problem. The library doesn't handle API errors at all, they just get thrown as a RestException (which has some subclasses based on the status code). The only case where RestException get caught is in the auto refresh:

from supabase-kt.