fix: don't refresh session if autoRefreshToken setting is set to false #925
Conversation
fix: don't refresh access token if autoRefreshToken is disabled
|
What's your use case here, and what issue are you running into? |
|
I am using the Supabase JavaScript client in a NestJS service. This service retrieves the access token from the incoming request to set the session. This setting of the session should not refresh the token automatically on the server side but instead just return an |
|
I removed the change that makes the |
|
After setting the session, do you use methods like If not, then this PR would be more applicable once it's released: supabase/supabase-js#1004 |
|
In my opinion, supabase/supabase-js#1004 and my PR solve/fix two different things. supabase/supabase-js#1004 solves the problem of providing an access token to the Supabase client to make API requests. However, my PR I believe still is fixing a bug where the I would end up using the new API on the server side as described in that PR you linked to. That is a nice solution. |
|
Do you have anymore feedback regarding this PR? |
Moving this PR forward isn't up to me, as I don't have approval permissions. I know the auth team can get pretty busy, so I'm not sure if/when they will comment. I think there could be some more things to think about with this, because the _loadSession method also checks for token expiration. |
What kind of change does this PR introduce?
Bug fix - Supabase client will obey
autoRefreshTokensetting when setting a session with an expired access tokenWhat is the current behavior?
When a Supabase client is initialized with
{ auth: { autoRefreshToken: false } }but a session is set with
client.setSession()and the access token has expired the client will disregard theautoRefreshTokensetting and attempt to refresh the session.What is the new behavior?
The client will not attempt to refresh an expired session when it is set with
client.setSession()andautoRefreshTokenis set tofalse.