On the client side I retrieve the access token with `@supabase/auth-helpers-react`'s `useSession().access_token`. I send this token via a header to the server side.
On the server, I can successfully use this token with `supabase.auth.get_user(jwt=access_token)` where `supabase` is created with `create_client` and the anon key passed in. I get back the user as specified in the token.
Now the bug (in my view) is that I cannot use this same access token with `supabase.auth.set_session`.
The error is being thrown in `gotrue/helpers.py` in `decode_jwt_payload`. The error is `binascii.a2b_base64(s) binascii.Error: Incorrect padding`. It fails to parse the middle (the main) part of the access token. If I pad the middle part (just before decoding by editing gotrue code) with `==` then it works fine and I am able to set the session.
Of course, if I do the padding earlier where I pass the token then the signature of the token becomes invalid.
Here is an example token I am getting with a JS client for which the error happens:
I have tried several tokens and this happens for all of them. Once again, if I "fix" the padding manually then `set_session` works.
UPDATE 2:
There are two issues in the way. 1) Setting the session, 2) Updating the already initialised `postgrest` client (it's really bad design to eagerly instantiate them all in `__init__` — should have happened lazily or should be reinitialised in `set_session`).
My workaround for `set_session` (notice also the last line):
```python
import base64
import json
from time import time
from typing import Union

# Import paths assumed for gotrue 1.0.0.
from gotrue.errors import AuthSessionMissingError
from gotrue.types import Session


def set_supabase_session(sup, access_token, refresh_token):
    """
    Workaround for the buggy supabase.auth.set_session method
    which fails to decode the access_token.
    The only changes:
    1) Do not return AuthResponse
    2) _decode_jwt call replaced.
    """
    time_now = round(time())
    expires_at = time_now
    has_expired = True
    session: Union[Session, None] = None
    if access_token and access_token.split(".")[1]:
        # start of _decode_jwt replacement:
        parts = access_token.split(".")
        if len(parts) != 3:
            raise ValueError("JWT is not valid: not a JWT structure")
        # JWT segments use the URL-safe alphabet ("-" and "_"), so decode with
        # urlsafe_b64decode; the extra "==" restores the stripped padding.
        payload = json.loads(
            base64.urlsafe_b64decode(parts[1] + "==").decode("utf-8")
        )
        # end of _decode_jwt replacement:
        exp = payload.get("exp")
        if exp:
            expires_at = int(exp)
            has_expired = expires_at <= time_now
    if has_expired:
        if not refresh_token:
            raise AuthSessionMissingError()
        response = sup.auth._refresh_access_token(refresh_token)
        if not response.session:
            return
        session = response.session
    else:
        # get_user validates the token with the auth server.
        response = sup.auth.get_user(access_token)
        session = Session(
            access_token=access_token,
            refresh_token=refresh_token,
            user=response.user,
            token_type="bearer",
            expires_in=expires_at - time_now,
            expires_at=expires_at,
        )
    sup.auth._save_session(session)
    sup.auth._notify_all_subscribers("TOKEN_REFRESHED", session)
    # !!! also update the already initialised postgrest client
    sup.postgrest.auth(access_token)
```
Python package versions:
gotrue==1.0.0
supabase=1.0.0
Here is an example token I am getting with a JS client for which the error happens:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhdXRoZW50aWNhdGVkIiwiZXhwIjoxNjc1OTc3ODk3LCJzdWIiOiI4NDY1ZTgyZS01YjZkLTRkYmEtODI5Yy03YjA4MmYxM2UzNTYiLCJlbWFpbCI6ImphemVwc0BleGFtcGxlLmNvbSIsInBob25lIjoiIiwiYXBwX21ldGFkYXRhIjp7InByb3ZpZGVyIjoiZW1haWwiLCJwcm92aWRlcnMiOlsiZW1haWwiXX0sInVzZXJfbWV0YWRhdGEiOnt9LCJyb2xlIjoiYXV0aGVudGljYXRlZCIsInNlc3Npb25faWQiOiJjNDMyNGVlOC00NWM2LTRhMDktYWNlZS0wMzY3ODk5YTMxNTIifQ.SZuTGp0LXIeSWRQJMGhh_2DmO2dIFsFADlnvjfwpouc
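The padding behaviour reported in this issue, as an added example that is not part of the original post or of gotrue's code: JWT segments are base64url with the trailing `=` stripped, so a decoder has to restore padding on its own copy of the segment, while padding the token itself changes the bytes the signature covers. `SECRET`, the claims and all function names are constructed for the demo.

```python
import base64
import binascii
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # constructed; not a real project key

def b64url_encode(raw: bytes) -> str:
    # JWT segments are base64url with the trailing "=" stripped (RFC 7515).
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    # Restore the stripped padding on a local copy; the token stays untouched.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_token(claims: dict) -> str:
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def signature_ok(token: str) -> bool:
    # The MAC covers the exact "header.payload" bytes as they were transmitted.
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, b64url_decode(sig))
    except (ValueError, binascii.Error):
        return False

def read_claims(token: str) -> dict:
    # Reads claims only; it does not authenticate the token.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("JWT is not valid: not a JWT structure")
    return json.loads(b64url_decode(parts[1]))

def strict_decode_fails(segment: str) -> bool:
    # Decoding the raw segment without restoring padding, as in the traceback.
    try:
        base64.b64decode(segment)
        return False
    except binascii.Error:
        return True

# Constructed claims: the payload is 37 bytes, so its segment needs "==" padding.
TOKEN = make_token({"sub": "user-42", "exp": 1675977897})
```
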