fix: actually fetch access token from session #370

Closed
wants to merge 9 commits into from

Conversation

J0
Collaborator

@J0 J0 commented Feb 11, 2023

Pass through access token

Aims to fix #58 and #185

TODO

  • _init_postgrest_client needs to be modified too

@sourcery-ai
Contributor

sourcery-ai bot commented Feb 11, 2023

Sourcery Code Quality Report

✅  Merging this PR will increase code quality in the affected files by 0.78%.

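| Quality metrics | Before | After | Change |
| --- | --- | --- | --- |
| Complexity | 3.12 ⭐ | 3.08 ⭐ | -0.04 👍 |
| Method Length | 43.17 ⭐ | 44.08 ⭐ | 0.91 👎 |
| Working memory | 9.73 🙂 | 9.58 🙂 | -0.15 👍 |
| Quality | 67.80% 🙂 | 68.58% 🙂 | 0.78% 👍 |

| Other metrics | Before | After | Change |
| --- | --- | --- | --- |
| Lines | 186 | 189 | 3 |

| Changed files | Quality Before | Quality After | Quality Change |
| --- | --- | --- | --- |
| supabase/client.py | 67.80% 🙂 | 68.58% 🙂 | 0.78% 👍 |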

Here are some functions in these files that still need a tune-up:

| File | Function | Complexity | Length | Working Memory | Quality | Recommendation |
| --- | --- | --- | --- | --- | --- | --- |
| supabase/client.py | Client.__init__ | 6 ⭐ | 212 ⛔ | 15 😞 | 43.73% 😞 | Try splitting into smaller methods. Extract out complex expressions |

Legend and Explanation

The emojis denote the absolute quality of the code:

  • ⭐ excellent
  • 🙂 good
  • 😞 poor
  • ⛔ very poor

The 👍 and 👎 indicate whether the quality has improved or gotten worse with this pull request.



J0 and others added 4 commits February 11, 2023 22:41
…ugh_access_token

fix: actually fetch access token from session (Sourcery refactored)
…mmunity/supabase-py into j0/pass_through_access_token
@codecov

codecov bot commented Feb 11, 2023

Codecov Report

Base: 78.75% // Head: 78.88% // Increases project coverage by +0.13% 🎉

Coverage data is based on head (c3f74a2) compared to base (6700ab5).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop     #370      +/-   ##
===========================================
+ Coverage    78.75%   78.88%   +0.13%     
===========================================
  Files            9        9              
  Lines          160      180      +20     
===========================================
+ Hits           126      142      +16     
- Misses          34       38       +4     
| Impacted Files | Coverage Δ |
| --- | --- |
| supabase/client.py | 88.88% <100.00%> (-2.92%) ⬇️ |


@J0 J0 mentioned this pull request Feb 17, 2023
return {
"apiKey": self.supabase_key,
"Authorization": f"Bearer {self.supabase_key}",
"Authorization": f"Bearer {token}",
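
Review bot: the "Authorization" line now interpolates `token` with no visible guard, so if `token` is None or empty when no user session exists the header becomes "Bearer None" and the anon-key behaviour of the previous `f"Bearer {self.supabase_key}"` line is lost. Suggest an explicit fallback such as `token or self.supabase_key`, plus a comment or docstring saying where `token` is resolved, since this hunk does not show it.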

I think this line is executed only when the client is initialized, that is before sign-in. We need something that sets the header not only after sign-in but also every time the access token is refreshed. Maybe we can add a function like Client.ensure_fresh_session() that would get the token from auth.get_session() (which refreshes access token if needed) and then set the authorization header for all sub-components of the Client.

Collaborator Author


Yup, I agree, there's a refresh that is needed. In the js lib there's a refresh triggered when the auth state changes. I don't quite have bandwidth to look into this outside of weekends, but if anyone has bandwidth feel free to pick it up.


@SaileshBechar SaileshBechar Apr 19, 2023


It feels natural for the correct token to be set when calling Client.auth.set_session(). Could the headers just be updated as a part of this workflow?


@kamrik kamrik Apr 19, 2023


If we use set_session() to set the headers, the typical workflow will be:

  1. sign_in
  2. set_session()
  3. call to retrieve data from the DB
    // some time later, when the access token might have expired
  4. set_session() again
  5. another call to retrieve data from the DB

Forcing people to call set_session() every time before DB calls seems redundant. Am I missing something?

We could change the implementation of Client.from_() to take care of token refresh and header, then the user can work in a more intuitive way.

  1. sign in
  2. call DB
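
An added sketch of the per-request approach suggested in the comment above (not supabase-py code and not written by any participant in this thread): headers are resolved each time `from_()` is called, so sign-in and token refresh are picked up, and the anon key is used when there is no session. `Session`, `StubAuth`, `StubClient`, the `sign_in` signature and the refreshed token values are hypothetical stand-ins; only `from_`, `get_session` and `supabase_key` are names from the page.

```python
import time
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Session:
    access_token: str
    expires_at: float  # Unix time at which the token stops being valid


class StubAuth:
    """Hypothetical stand-in for the auth sub-client (an assumption)."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now
        self._session: Optional[Session] = None
        self.refresh_count = 0

    def sign_in(self, token: str, ttl: float) -> None:
        self._session = Session(token, self._now() + ttl)

    def get_session(self) -> Optional[Session]:
        # As described in the thread: refresh the access token if needed.
        s = self._session
        if s is not None and s.expires_at <= self._now():
            self.refresh_count += 1
            s = Session(f"refreshed-{self.refresh_count}", self._now() + 3600)
            self._session = s
        return s


class StubClient:
    def __init__(self, anon_key: str, auth: StubAuth):
        self.supabase_key = anon_key
        self.auth = auth
        # Header frozen at construction time, i.e. before any sign-in.
        self.init_headers = self._headers()

    def _headers(self) -> dict:
        session = self.auth.get_session()
        # Fall back to the anon key when nobody is signed in.
        token = session.access_token if session else self.supabase_key
        return {"apiKey": self.supabase_key, "Authorization": f"Bearer {token}"}

    def from_(self, table: str) -> dict:
        # Resolve headers per request so the current user's token is sent.
        return {"table": table, "headers": self._headers()}
```

The frozen `init_headers` keeps carrying the anon key after sign-in, which is why Row Level Security policies would see the request as anonymous rather than as the signed-in user.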

@0xDeadcell

Can we have someone approve this please so this can get merged?


@vcscsvcscs vcscsvcscs left a comment


This should be approved and merged, as this is an insanely annoying issue.

@0xDeadcell

Can someone with write access finalize this? @J0 @kamrik @anand2312 Would really appreciate it <3

@J0
Collaborator Author

J0 commented Jun 9, 2023

Hey everyone,

Sorry for the incommunicado - I don't think the changes in the PR actually fix the issue as there's still a need to properly implement the refresh of the access_token. There's someone who is looking into this right now and will also comb through the other issues so do watch this space. They will also do a pass through the library so hopefully that should improve the state we're in right now.

I'm going to go ahead and close this PR for now. In hindsight, I should have done this earlier so sorry about this. For anyone who is looking for how to do access token verification for a Python backend you can consider taking a look at the good work done by StanGirard: QuivrHQ/quivr#144

@J0 J0 closed this Jun 9, 2023
@silentworks silentworks deleted the j0/pass_through_access_token branch July 18, 2024 20:22
Development

Successfully merging this pull request may close these issues.

Row Level Security and Python
5 participants