question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Invalid Refresh Token on sessionRestore

See original GitHub issue

Hi. I have an issue where I have to sign in again after the expiration duration, configured at Supabase UI, has passed.

Steps to reproduce

  • Set expiration time to 2 min (Supabase UI, access token expiration?)
  • Login & Persist Session e.g. local storage
  • Quit app and wait 3 min
  • Start app and call restoreSession

Result “Invalid Refresh Token” gets returned from restoreSession

Expected Behavior Fetches new access token and updates SupabaseClient state.

Singleton Wrapper

abstract class ISupabaseClientService {
  SupabaseClient get();
}

class SupabaseClientService implements ISupabaseClientService {
  final supabaseClient = SupabaseClient(
    EnvironmentService().supabaseUrl,
    EnvironmentService().supabaseKey,
  );

  @override
  SupabaseClient get() {
    return supabaseClient;
  }
}

AuthService

SignIn

@override
  Future<AppUser> signInWithEmail(String email, String password) async {
    var result = await _supabaseClientService.get().auth.signIn(email: email, password: password);

    await _saveSession();

    return AppUser( result.user?.id,  result.user.email,  result.user.email);
  }

Called on app start

@override
  Future<AppUser> getCurrentUser() async {
    var user = _supabaseClientService.get().auth.currentUser;

    if (user == null) {
      var session = await _getSession();
      var response = await _supabaseClientService.get().auth.recoverSession(session);

      if (response.error == null) await _saveSession();
      user = response.user;
    }

    return AppUser(
      user?.id,
      user?.email,
      user?.email,
    );
  }

Private methods

Future<void> _saveSession() async {
    final session = _supabaseClientService.get().auth.session();
    final SharedPreferences prefs = await _prefs;
    await prefs.setString('session', session.persistSessionString);
  }

  Future<String> _getSession() async {
    final SharedPreferences prefs = await _prefs;
    var session = (prefs.getString('session') ?? '');
    return session;
  }

  Future<void> _removeSession() async {
    final SharedPreferences prefs = await _prefs;
    await prefs.remove('session');
  }

Persisted Session for restoreSession That’s my token with the Invalid Refresh token error on my dev environment, not that critical to share. "{"currentSession":{"access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhdXRoZW50aWNhdGVkIiwiZXhwIjoxNjQyODA1ODIwLCJzdWIiOiIzMDc4ZjY2NS1jNjFiLTQ0Y2UtYjY3ZS1kNzIyOTNjMWFjMmMiLCJlbWFpbCI6InNlcmdlai5zYWNoc0BnbXguZGUiLCJwaG9uZSI6IiIsImFwcF9tZXRhZGF0YSI6eyJwcm92aWRlciI6ImVtYWlsIiwicHJvdmlkZXJzIjpbImVtYWlsIl19LCJ1c2VyX21ldGFkYXRhIjp7fSwicm9sZSI6ImF1dGhlbnRpY2F0ZWQifQ.QQaZpPDTy1urjbZNoMf88I15HIIHIoGRPJN152ht06U","expires_in":120,"refresh_token":"ybqC0YdCNlYxByvlQh5WQA","token_type":"bearer","provider_token":null,"user":{"id":"3078f665-c61b-44ce-b67e-d72293c1ac2c","app_metadata":{"provider":"email","providers":["email"]},"user_metadata":{},"aud":"authenticated","email":"anymail@provider.com","created_at":"2022-01-20T12:12:57.382314Z","confirmed_at":"2022-01-20T12:12:57.387309Z","last_sign_in_at":"2022-01-21T22:55:00.788920397Z","role":"authenticated","updated_at":"2022-01-21T22:55:00.790273Z"}},"expiresAt":1642805820}"

RestoreSession works within that configured duration but else it returns that error.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:1
  • Comments:12 (5 by maintainers)

github_iconTop GitHub Comments

3reactions
kiwicopplecommented, Mar 21, 2022

Hey everyone, the Dart library is currently community-driven, but we just hired someone to look after them fulltime. They will be able to look into this as soon as they join (if not before)

1reaction
dshukertjrcommented, Jul 28, 2022

Hi @maurovitale,

In order to persist the session using supabase-flutter package currently, you need to include a SupabaseAuthState or SupabaseAuthRequiredState somewhere in your widget tree and call recoverSupabaseSession() method upon initialization.

Note that all of the above will be obsolete with an update that will be launched next Monday, and the auth state will truly be automatically persisted by only initializing Supabase in your main function so keep an eye out for the update! 👀 There are some exciting things happening in supabase-flutter SDK!

Read more comments on GitHub >

github_iconTop Results From Across the Web

Invalid Refresh Token on sessionRestore #5110 - Issuehunt
Hi. I have an issue where I have to sign in again after the expiration duration, configured at Supabase UI, has passed. Steps...
Read more >
Unknown or invalid refresh token when session expires
Hello, I'm using @auth0/nextjs-auth0 . and try to enable refresh token rotation. But I have an issue with the refresh token. When I...
Read more >
When the Refresh token generates "Invalid" errors
Problem Daily load operation attempts generate an "Invalid refresh token" error in Postman when attempting to perform a refresh...
Read more >
Session handling | Compas
The tokens are always created in pairs: an access token and refresh token. ... invalidSession -> when no session can be found by...
Read more >
Cannot make Azure B2C refersh token become invalid
I confirmed that I can get a new access token by using the current refresh token that is returned in a Postman call...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found