Supabase authentication && reauthenticate

I’ve been having an issue where my Supbase authentication times out and the tokens are not refreshed (maybe?)

I found a routine called reauthenticate() and I call it when I am authenticated and it seems to do the trick

I don’t know.

Is it real, or is it Memorex ?

  const { isAuthenticated, reauthenticate } = useAuth()

  if (isAuthenticated) {
    reauthenticate()
  }

Several months ago @Danny and I audited all the auth providers for token refreshes, and we found Supabase to be ok (at least then).

Specifically this is because Supabase actively refreshes the token periodically after creating their session.

See: gotrue-js/GoTrueClient.ts at 797ea09b6188291861b5bed4a488cc74b6f95aaf · supabase/gotrue-js · GitHub

**
   * set currentSession and currentUser
   * process to _startAutoRefreshToken if possible
   */
  private _saveSession(session: Session) {
    this.currentSession = session
    this.currentUser = session.user

    const expiresAt = session.expires_at
    if (expiresAt) {
      const timeNow = Math.round(Date.now() / 1000)
      const expiresIn = expiresAt - timeNow
      const refreshDurationBeforeExpires = expiresIn > 60 ? 60 : 0.5
      this._startAutoRefreshToken((expiresIn - refreshDurationBeforeExpires) * 1000)
    }

Then in gotrue-js/GoTrueClient.ts at 797ea09b6188291861b5bed4a488cc74b6f95aaf · supabase/gotrue-js · GitHub

  /**
   * Clear and re-create refresh token timer
   * @param value time intervals in milliseconds
   */
  private _startAutoRefreshToken(value: number) {
    if (this.refreshTokenTimer) clearTimeout(this.refreshTokenTimer)
    if (value <= 0 || !this.autoRefreshToken) return

    this.refreshTokenTimer = setTimeout(() => this._callRefreshToken(), value)
    if (typeof this.refreshTokenTimer.unref === 'function') this.refreshTokenTimer.unref()
  }

So, they setup a timer to refresh the token just before it expires.

We also ensure the token is fresh whengettin to set in the GraphQL request made by a a cell.

And by default, the

autoRefreshToken: true,

If you can confirm you are really seeing timeouts, please write up an issue in GitHub here: Issues · redwoodjs/redwood · GitHub versus a topic forum as issues will be seen by the entire team to address whereas forums are more for the community in general.

1 Like

my problems happen when the app is not running, there’s no way the refresh could work.

I’m logged in at night and the next morning it fails in that odd way - login request, google icon, cycles & not logged in

agreed, if they are real issues – I hate to waste the teams time on something I usually find an answer to one way or another.