createBrowserClient logs users out if there's a error_description query parameter

[christiangenco]

Bug report

• I confirm this is a bug with Supabase, not with my own application.
• I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

createBrowserClient from @supabase/ssr will log users out on Next.js on any client-rendered page with an error_description query parameter.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

1. Create a Supabase project and Next.js app with npx create-next-app -e with-supabase and fill out .env.local with NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY as described on Use Supabase with Next.js
2. Create a new client component app/frontend/page.js to fetch the user following the template from the starter kit:

"use client";

import { createClient } from "@/utils/supabase/client";
import { useEffect, useState } from "react";

export default function Page() {
  const [user, setUser] = useState(null);
  const supabase = createClient();

  useEffect(() => {
    const getUser = async () => {
      const {
        data: { user },
      } = await supabase.auth.getUser();
      setUser(user);
    };
    getUser();
  }, []);

  return <pre>{JSON.stringify(user, null, 2)}</pre>;
}

3. Log in at /sign-in
4. Verify that you're logged in by visiting /frontend and seeing your user data in the pre tag
5. Add an error_description query parameter with any value (ex: /frontend?error_description=a) and you'll be logged out

I think there are other OAuth-related query parameters that evoke the same bug.

Expected behavior

You should not be logged out.

This was super hard to track down and looks like it's causing other issues involving OAuth flows like Auth: User unexpectedly logs out when linking new OAuth provider fails

System information

• OS: macOS 14.5
• Version of supabase-js: 2.45.4
• Version of Node.js: 18.17.1

Additional context

This bug doesn't happen on server-rendered pages like /protected.