-
-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AuthApiError: Session from session_id claim in JWT does not exist #25350
Comments
I am also running into this issue and users are not able to logout using the iOS client and instead throws an error because the response is a 403. Force log outs only happen for 404s and 401s on the iOS client, perhaps updating the response to a 401 would make more sense Here is the a reference to the swift supabase client code that throws Here is a photo of the error in the xcode debugger: Edit: there has already been a PR to address this by force logging out from 403s. |
* fix(auth): sign out should ignore 403s * add integration test * fix linux build
I am experiencing the same issue |
Hi there everyone, I am currently having the same issue. I am developing a react-admin web application for internal usage. I use the 'ra-supabase' npm package. I host the app on Firebase but use the Supabase backend. I'm experiencing this error during the implementation of my "forgot password" workflow. The first step where I get the email with the link back to my app works 100%. This link contains the needed parameters i.e. access_token (JWT) and the refresh_token. I pass these to the function provided by the useSetPassword hook. Behind the scenes it calls the setPassword method in the authProvider which in turn calls setSession which checks if the token had expired and if not tries to fetch the user by calling _getUser giving it the access_token. It is this _getUser (/v1/user) call that eventually throws a 403 error and returning "AuthApiError: Session from session_id claim in JWT does not exist". To me it looks like an issue on the Supabase API side. Any ideas? |
Bug report
Describe the bug
Getting a "AuthApiError: Session from session_id claim in JWT does not exist" when doing a
client.auth.setSession({ access_token, refresh_token }) with access_token, refresh_token retrieved from:
client.auth.admin.generateLink( { type: 'recovery', email, redirectTo })
Users are unable to recover password on production site.
Steps:
Expected behavior
session set and be able to set user/password
did found some related reports on discord, not sure if it is the exact same issue:
https://discord.com/channels/839993398554656828/1235896967754682478
The text was updated successfully, but these errors were encountered: