Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PKCE flow issue with other than supabase code query in URL #911

Open
2 tasks done
vachmara opened this issue May 15, 2024 · 0 comments
Open
2 tasks done

PKCE flow issue with other than supabase code query in URL #911

vachmara opened this issue May 15, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@vachmara
Copy link

vachmara commented May 15, 2024

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

I am using the @nuxtjs/supabase package and I encounter a bug described in this issue.

I am not able to use other PKCE flows because each time the third app redirects to my main app, GoTrueClient tries to refresh the session with the incorrect code parameter in the URL despite using detectSessionInUrl at initialization of GoTruClient.

I believe this function _isPKCEFlow should only watch specific URLs to manage other PKCE flows.

To Reproduce

  1. Setup a project with nuxt/supabase.
  2. Build a simple authentification system.
  3. On any page, use a query parameter ?code=random.

Expected behavior

Automatically, the GoTrueClient will try to set up a session at initialization and logout current user which is problematic.

Screenshots

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant