This repository was archived by the owner on Sep 8, 2025. It is now read-only.
  
  
  - 
          
- 
                Notifications
    You must be signed in to change notification settings 
- Fork 53
    This repository was archived by the owner on Sep 8, 2025. It is now read-only.
  
  
exchange_code_for_session() breaks with "unsupported_grant_type" error in 2.11.0 #659
Copy link
Copy link
Closed
Labels
bugSomething isn't workingSomething isn't working
Description
Bug report
- I confirm this is a bug with Supabase, not with my own application.
- I confirm I have searched the Docs, GitHub Discussions, and Discord.
Describe the bug
Earlier this week, I noticed that my Google login with Supabase was failing. Looking at my logs, the function exchange_code_for_session() was failing.
The exchange_code_for_session() method stops working when upgrading from supabase-py 2.9.0/2.10.0 to 2.11.0 on Render (my hosting service), failing with an "unsupported_grant_type" error. The implementation appears identical between versions, making the cause unclear. Locally, running through uvicorn, it works just fine.
But on Render, it fails.
Code
# Working in 2.9.0 and 2.10.0, breaks in 2.11.0
session_response = supabase.auth.exchange_code_for_session({"auth_code": code})
return supabase.auth.get_user(session_response.session.access_token), session_response.sessionError Details
Full request/response from 2.11.0:
=== REQUEST DETAILS ===
Method: POST
URL: https://[REDACTED].supabase.co/auth/v1/token?grant_type=pkce
Headers:
  Content-Type: application/json;charset=UTF-8
  X-Supabase-Api-Version: 2024-01-01
  Authorization: Bearer [REDACTED]
  X-Client-Info: supabase-py/2.11.0
Query Params:
Body:
  {'auth_code': '[REDACTED]', 'code_verifier': '[REDACTED]'}
=== END REQUEST DETAILS ===
=== RESPONSE DETAILS ===
Status Code: 400
Response Headers:
  date: Fri, 24 Jan 2025 04:25:34 GMT
  content-type: application/json
  content-length: 65
  cf-ray: 906d42a8ee94cf4e-CMH
  cf-cache-status: DYNAMIC
  strict-transport-security: max-age=31536000; includeSubDomains
  vary: Origin, Accept-Encoding
  sb-gateway-version: 1
  sb-project-ref: tmvqjanzajgiycfziqyr
  x-content-type-options: nosniff
  x-envoy-attempt-count: 1
  x-envoy-upstream-service-time: 0
  x-sb-error-code: invalid_credentials
  x-supabase-api-version: 2024-01-01
  server: cloudflare
  alt-svc: h3=":443"; ma=86400
Response Body:
  {"code":"invalid_credentials","message":"unsupported_grant_type"}
=== END RESPONSE DETAILS ===
Environment
- supabase-py version: 2.11.0 (broken) / 2.10.0 and 2.9.0 (working)
- Flow type: PKCE
- Environment: Production deployed to Render
Current Workaround
Pinning the version to supabase-py==2.10.0 in requirements.txt resolves the issue. But this means I cannot upgrade to the latest versions without it breaking.
Questions
- What changed in 2.11.0 that causes this flow to break?
- Is there a fix that allows using the latest version?
System information
- OS: mac OS and Render.com
- Version of ssupabase-py: 2.11.0 is the buggy version
ilangurudev
Metadata
Metadata
Assignees
Labels
bugSomething isn't workingSomething isn't working