Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Invalid Refresh Token on sessionRestore

See original GitHub issue

Hi. I have an issue where I have to sign in again after the expiration duration, configured at Supabase UI, has passed.

Steps to reproduce

Set expiration time to 2 min (Supabase UI, access token expiration?)
Login & Persist Session e.g. local storage
Quit app and wait 3 min
Start app and call restoreSession

Result “Invalid Refresh Token” gets returned from restoreSession

Expected Behavior Fetches new access token and updates SupabaseClient state.

Singleton Wrapper

abstract class ISupabaseClientService {
  SupabaseClient get();
}

class SupabaseClientService implements ISupabaseClientService {
  final supabaseClient = SupabaseClient(
    EnvironmentService().supabaseUrl,
    EnvironmentService().supabaseKey,
  );

  @override
  SupabaseClient get() {
    return supabaseClient;
  }
}

AuthService

SignIn

@override
  Future<AppUser> signInWithEmail(String email, String password) async {
    var result = await _supabaseClientService.get().auth.signIn(email: email, password: password);

    await _saveSession();

    return AppUser( result.user?.id,  result.user.email,  result.user.email);
  }

Called on app start

@override
  Future<AppUser> getCurrentUser() async {
    var user = _supabaseClientService.get().auth.currentUser;

    if (user == null) {
      var session = await _getSession();
      var response = await _supabaseClientService.get().auth.recoverSession(session);

      if (response.error == null) await _saveSession();
      user = response.user;
    }

    return AppUser(
      user?.id,
      user?.email,
      user?.email,
    );
  }

Private methods

Future<void> _saveSession() async {
    final session = _supabaseClientService.get().auth.session();
    final SharedPreferences prefs = await _prefs;
    await prefs.setString('session', session.persistSessionString);
  }

  Future<String> _getSession() async {
    final SharedPreferences prefs = await _prefs;
    var session = (prefs.getString('session') ?? '');
    return session;
  }

  Future<void> _removeSession() async {
    final SharedPreferences prefs = await _prefs;
    await prefs.remove('session');
  }

Persisted Session for restoreSession That’s my token with the Invalid Refresh token error on my dev environment, not that critical to share. "{"currentSession":{"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhdXRoZW50aWNhdGVkIiwiZXhwIjoxNjQyODA1ODIwLCJzdWIiOiIzMDc4ZjY2NS1jNjFiLTQ0Y2UtYjY3ZS1kNzIyOTNjMWFjMmMiLCJlbWFpbCI6InNlcmdlai5zYWNoc0BnbXguZGUiLCJwaG9uZSI6IiIsImFwcF9tZXRhZGF0YSI6eyJwcm92aWRlciI6ImVtYWlsIiwicHJvdmlkZXJzIjpbImVtYWlsIl19LCJ1c2VyX21ldGFkYXRhIjp7fSwicm9sZSI6ImF1dGhlbnRpY2F0ZWQifQ.QQaZpPDTy1urjbZNoMf88I15HIIHIoGRPJN152ht06U","expires_in":120,"refresh_token":"ybqC0YdCNlYxByvlQh5WQA","token_type":"bearer","provider_token":null,"user":{"id":"3078f665-c61b-44ce-b67e-d72293c1ac2c","app_metadata":{"provider":"email","providers":["email"]},"user_metadata":{},"aud":"authenticated","email":"anymail@provider.com","created_at":"2022-01-20T12:12:57.382314Z","confirmed_at":"2022-01-20T12:12:57.387309Z","last_sign_in_at":"2022-01-21T22:55:00.788920397Z","role":"authenticated","updated_at":"2022-01-21T22:55:00.790273Z"}},"expiresAt":1642805820}"

RestoreSession works within that configured duration but else it returns that error.

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:12 (5 by maintainers)

Top GitHub Comments

3reactions

kiwicopplecommented, Mar 21, 2022

Hey everyone, the Dart library is currently community-driven, but we just hired someone to look after them fulltime. They will be able to look into this as soon as they join (if not before)

1reaction

dshukertjrcommented, Jul 28, 2022

Hi @maurovitale,

In order to persist the session using supabase-flutter package currently, you need to include a SupabaseAuthState or SupabaseAuthRequiredState somewhere in your widget tree and call recoverSupabaseSession() method upon initialization.

Note that all of the above will be obsolete with an update that will be launched next Monday, and the auth state will truly be automatically persisted by only initializing Supabase in your main function so keep an eye out for the update! 👀 There are some exciting things happening in supabase-flutter SDK!