Handling refresh token with SSR

[Etheonor]

Hello!

I'm using the auth system with SSR and I took the example from here: https://github.com/supabase/supabase/blob/master/examples/nextjs-with-supabase-auth/pages/profile.js

But I have an issue when the access token is expired. There is no way to use the refresh token because it's not in the cookie and we can't retrieve it with localstorage (SSR).

Am I missing something or the refresh token should be in the cookie created by 'auth.api.setAuthCookie'?

[Etheonor]

Just to update this thread, the refresh token doesn't work at all with the current implementation of the Auth component. After an hour, I will get a 401 error on all my server side actions. I need to logout/login again, even a refresh of the page not working.

Do you handle the refresh of the access token?

[AronBe]

I am also confused, is the refresh of the token supposed to happen as default? After 60min I get an error
TypeError: undefined is not an object (evaluating 'this.currentSession'). I dont even get any log from the authStateChange listener, it just errors out.

Might be React Native thing though? I am initiating the client to AsyncStorage where the session is saved correctly. Based on the Audit Trail my refreshed token is immediately revoked.

@kiwicopple - your thoughts? Should I create an issue?

[slavicdev34]

Any idea how to achieve this? Is it safe to store a refresh token inside the HTTP cookie?

[wadclapp]

I think this is achieved in Firebase with .getIdToken(true).then(token => {}), which is what I used on SSR. Also wondering how to do this with supabase 🤔