Global supabase.auth.signOut() doesn't fire the "SIGNED_OUT" event for onAuthStateChange in other instances where a user is logged in #902
Comments
To add more context, we are running into an issue when there's a global log out, we're still seeing that the user is authenticated on the client (seems to be the correct behavior from Sign out a user documentation), but on our server, when we call
What is the best way to handle this, in the case of a global log out? We were planning on using the onAuthStateChange to handle this, but it seems like it isn't working properly.
@belle-chang, can you clarify a couple of things?
Is this on the browser where the logout happened, or the other?
Which browser session is this token from?
This is happening in a React Native app, so say I have 2 devices where a user is logged in. If a user does a global log out on device A, the user is still seen as authenticated on device B when you call The token is passed from our front end in an Authorization bearer header to the backend, where it's used in the
Ok, I believe I understand what you're saying. So when the device/app with a still-logged-in-session (at least locally) does something, the error is thrown when calling This makes sense, since it's a global signout. Supabase would likely remove both sessions in the
@belle-chang you can fix this issue by upgrading to the latest supabase-js version - for context, we fixed it in this PR (#894), basically, signOut should always remove the existing session from the client regardless of any 4xx error because the user could've been deleted by an admin. on the main topic of the currently, apologies for the confusion in the docs - we'll update it so it's clear next time.
This unfortunately still doesn't solve the described problem as the session is not removed on the other device, but only from the device calling signOut.
can we make this behavior like listening realtime table?
Bug report
Describe the bug
Whenever I call supabase.auth.signOut(), onAuthStateChange only fires a "SIGNED_OUT" event for the current device I'm on; not for any other devices the user is logged into. This is causing a weird in-between state where the user isn't authenticated on a device, and there isn't a listener to know when to trigger clean up, which is causing my authenticated API calls to fail.
Just to note, I'm calling supabase.auth.signOut() from the client, using a supabase client that's been created according to the React native docs:
From the supabase docs:
To Reproduce
Have a user signed into two devices, call a global signOut() on one of them.
Expected behavior
SIGNED_OUT should fire for onAuthStateChange on all instances of where a user is logged in.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
Additional context
Add any other context about the problem here.
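Added example, not part of the original issue or the supabase-js code base: one way a device that was not the one calling signOut() can notice a global sign-out and run its own cleanup. It assumes the auth server rejects getUser() with a 4xx status once the session has been revoked; classifyGetUser, reconcileSession and makeFakeAuth are hypothetical names, and the fake client is constructed so the block runs offline.

```javascript
// Added example. Only getUser() and signOut({ scope: 'local' }) are taken
// from supabase-js v2; everything else here is hypothetical.

// Decide what a getUser() result means for the locally stored session.
function classifyGetUser(result) {
  const { data, error } = result;
  if (!error && data && data.user) return 'valid';
  // Assumption: auth-server rejections carry a 4xx status. Network
  // failures carry no status (or 0) and must not log the user out.
  const status = error && error.status;
  if (status >= 400 && status < 500) return 'revoked';
  return 'unknown';
}

// Call when the app returns to the foreground, on a timer, or after the
// backend rejects this device's bearer token.
async function reconcileSession(auth) {
  const verdict = classifyGetUser(await auth.getUser());
  if (verdict === 'revoked') {
    // Local scope clears only this device's stored session, so the
    // onAuthStateChange listener on this device receives SIGNED_OUT.
    await auth.signOut({ scope: 'local' });
  }
  return verdict;
}

// Constructed stand-in for supabase.auth that records sign-out calls.
function makeFakeAuth(getUserResult) {
  const events = [];
  return {
    events,
    getUser: async () => getUserResult,
    signOut: async ({ scope }) => {
      events.push(`SIGNED_OUT:${scope}`);
      return { error: null };
    },
  };
}
```

In an app, pass supabase.auth in place of the fake; an 'unknown' verdict (for example, the device is offline) leaves the local session in place so it can be checked again later.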