"Refresh Token Not Found" = automatic logout after 2-3 days after login #486
Comments
This is likely due to a bug in your application that refreshes the token in parallel. Please see this doc for more information about such issues: https://supabase.com/docs/guides/auth/sessions#what-is-refresh-token-reuse-detection-and-what-does-it-protect-from |
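Added example, not part of the original thread or of Supabase's code: a simplified Python model of refresh token rotation with reuse detection, showing how a stale copy of a token presented after the reuse interval ends the session for every holder, and how a single owner of the token avoids it. `AuthServer`, the token names and the timeline are constructed, revoking by deleting the session's tokens is an assumption of the model, and only the 30-second interval comes from the settings quoted in this issue.

```python
import itertools

REUSE_INTERVAL = 30  # seconds; the "Refresh token reuse interval" quoted in this issue
class InvalidGrant(Exception): pass

class AuthServer:
    """Simplified model (an assumption), not Supabase's implementation."""
    def __init__(self):
        self.tokens, self._ids = {}, itertools.count(1)

    def issue(self, session):
        token = f"rt-{next(self._ids)}"
        self.tokens[token] = {"session": session, "used_at": None, "child": None}
        return token

    def refresh(self, token, now):
        rec = self.tokens.get(token)
        if rec is None:
            raise InvalidGrant("Invalid Refresh Token: Refresh Token Not Found")
        if rec["used_at"] is None:  # first use: rotate to a new token
            rec["used_at"], rec["child"] = now, self.issue(rec["session"])
            return rec["child"]
        if now - rec["used_at"] <= REUSE_INTERVAL:  # race or retry: same answer
            return rec["child"]
        # Reuse after the interval: model revocation by deleting the session's tokens.
        self.tokens = {t: r for t, r in self.tokens.items() if r["session"] != rec["session"]}
        raise InvalidGrant("Invalid Refresh Token: Already Used")

def attempt(server, token, now):
    try:
        return server.refresh(token, now)
    except InvalidGrant as exc:
        return str(exc)  # the error text the client would see

def stale_copy_scenario():
    """Constructed timeline: components A and B both cached token t0."""
    server = AuthServer()
    t0 = server.issue("session-1")
    t1 = attempt(server, t0, 0)       # A rotates t0 -> t1
    raced = attempt(server, t0, 5)    # B inside the interval: also gets t1
    late = attempt(server, t0, 120)   # B's stale copy after the interval
    after = attempt(server, t1, 121)  # A's good token was revoked with it
    return raced == t1, late, after

def single_owner_scenario():  # fix: one owner always presents the newest token
    server = AuthServer()
    tokens = [server.issue("session-1")]
    for now in (0, 5, 120):
        tokens.append(attempt(server, tokens[-1], now))
    return tokens[1:]
```

In the stale-copy timeline the holder of the valid token is the one that ends up with "Refresh Token Not Found", even though it never reused anything itself.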
Also be aware that if the user signed out from another device or platform (web) they are signed out from everywhere. You can control this with a parameter. |
Thanks for the quick reply. We have called |
Ok, after about 2-3 days of testing with the changes, I'm still getting logged out automatically on macOS (2x in the last 2-3 days) with the error message:
I haven't hit the logout button anywhere during testing. Any ideas how to fix it or if it's a bug in the library? |
Hi @EduardMe do you have any extension also using Supabase? Widgets... |
Just checked, we have a Widget, but it accesses only some userDefaults. We have shortcuts that call the CloudKit sync, possibly Supabase, however, I'm not using them. Today I got logged out again on macOS. I use it less on iOS, but there I didn't get logged out since testing. So it's just on macOS since the last 3 days. On macOS I often run into some internet connection issues. It gets disconnected for a second. Might this influence it? |
Thanks @EduardMe I'm investigating it, and will post any updates I find on this issue. |
I'm having the same issue since I updated my version of Supabase in my Xcode project. I don't do anything sophisticated in my app and the token settings are the default |
@LucasAbijmil which version were you using before, with which you weren't having this issue? |
@grdsdev Previously I was in 2.5.1, then it was when I switched to 2.13.3 that the bug seems to have been introduced |
@grdsdev I have some idea, but I'm not quite sure. Is it possible that if this gets called in parallel or when the Supabase library refreshes the session in the background and we call it at the same time it creates an issue? We are using this func in Swift to check if the user is logged in:

```swift
func session(completion: @escaping (Result<Session, Error>) -> Void) {
    Task {
        do {
            if let currentSession = supabase.auth.currentSession, !currentSession.isExpired {
                completion(.success(currentSession))
                return
            }
            let session = try await supabase.auth.session
            completion(.success(session))
        } catch {
            completion(.failure(error))
        }
    }
}
```
|
@EduardMe I don't think that is causing the issue, but your check is redundant, when you call the Still looking at this issue... |
This might be the bug I'm experiencing since December, the day I implemented Sign In With Apple in my SwiftUI App. Ideally, I'd like the user to just login the first time and then never again unless he stops using the app for a prolonged period, or he deletes the app and reinstalls it or upgrades to a new phone.
I've indeed seen that happen quite a lot of times. That along with "Bad ID token". I can't put my finger on it, but there's something not working well with Supabase Auth in Swift. FYI I never call the refreshSession() function, because the Docs say: |
For us the error is usually |
@grdsdev Could you find anything? We are struggling a bit with this, or is there anything we can do temporarily to reduce the logouts? |
|
Hey 👋 |
I receive an error with 2.14.0. Sometimes the app works less than a day. I have my actor that updates the current session that might be accessed from different places:
|
@EduardMe Have you managed to codesign the app with SDK 2.14+? Have you granted |
SDK v2.8.0 has the same problem
@grdsdev I used v2.0 before, if I am not mistaken, and it was fine. However, I'm not sure that it has realtime. I need realtime, that is why I decided to upgrade at all |
AFAIK the bug's been there since at least December 2023 because this is when I started designing my app and it's been a day 1 bug for me. Yes, this requires more attention, it is currently my only bug with Supabase, but it's a big one. It's really annoying my users. I only implemented Sign In With Apple FYI, in Swift/SwiftUI. Also, logging in with a device seems to log out other devices. I always have to login between the Simulator and my real iPhone. |
These types of errors are hard to track down the cause. If anyone is able to reliably reproduce the issue, sharing the steps would greatly help us track down what might be the cause. |
@rebryk Yes, I have granted Keychain Sharing, but I did this long before, didn't even know I needed to do this. Haven't done anything else to set things up. Just had to bump up the minimum version for macOS and iOS builds. |
@dshukertjr I can add the Supabase logger and wait for a few hours until it actually happens. Will it help you? |
@rebryk That might help us out 👍 |
@dshukertjr @grdsdev I have logs. What email should I use to send them? |
@rebryk Can you just hide what you need to hide and paste it here? |
@dshukertjr I don't know how to do that with a .pulse log |
@dshukertjr In my case it happens with realtime.
|
Bug report
Describe the bug
About 2-3 days after logging in, the user gets automatically logged out (we are using the OTP login and use the API on iOS and macOS). Checking the error messages, we see:
api(Auth.AuthError.APIError(msg: nil, code: nil, error: Optional("invalid_grant"), errorDescription: Optional("Invalid Refresh Token: Refresh Token Not Found"), weakPassword: nil))
To Reproduce
Using the Swift API of Supabase, login, use the app for 2-3 days and you will get logged out.
Expected behavior
User should stay logged in indefinitely or as per the settings (see additional information).
System information
Additional context
We have tried to increase the rate limits:
Token Refreshes = 184
Token Verifications = 100
Sign ups and sign ins = 50
Time-box user sessions = 0
Inactivity timeout = 0
Access Tokens expiry time = 10800 (3 hours)
Refresh token reuse interval = 30
Let me know if the settings can cause this.