Send Valid User Access Token to Realtime Server

[w3b6x9]

Feature request

Realtime server is now checking every minute to verify the validity of the user access token and storing updated user information from the JWT to Realtime's subscription table (used by Realtime WALRUS).

Describe the solution you'd like

1. Realtime client pushes the user access token to all channels every heartbeat, which defaults to 30 seconds (see ref, ref, and ref).
2. Supabase client sends latest and valid user access token on auth events SIGNED_IN and TOKEN_REFRESHED (see ref)*.
3. Supabase client removes all subscriptions on auth event SIGNED_OUT (see ref)*.

*fix: improve auth for realtime row level security #303

Additional context

Realtime Security (WALRUS) will be launched very soon so we'll mention that additional Supabase client libs, like this one, will be compatible with the new Realtime some time in the near future.

[acupofjose]

@w3b6x9 thanks for the heads up! I'm working on it now!

[w3b6x9]

@acupofjose awesome! You already figured it out but just to clarify realtime-js calls setAuth in _sendHeartbeat, which is called every heartbeat interval.

[acupofjose]

@w3b6x9 it doesn't look like USER_DELETED is implemented in gotrue-js (https://github.com/supabase/gotrue-js/search?q=USER_DELETED) is that correct?

[w3b6x9]

@w3b6x9 it doesn't look like USER_DELETED is implemented in gotrue-js (https://github.com/supabase/gotrue-js/search?q=USER_DELETED) is that correct?

@acupofjose good catch! Looks like it's not implemented yet. I'll remove it from this feature request.

[acupofjose]

Available in 0.2.6!