Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error to Logout - Inconsistent 403 Forbidden #1170

Closed
mmarinhomac opened this issue May 24, 2024 · 6 comments
Closed

Error to Logout - Inconsistent 403 Forbidden #1170

mmarinhomac opened this issue May 24, 2024 · 6 comments
Labels
bug Something isn't working

Comments

@mmarinhomac
Copy link

Bug report

Describe the bug

I'm realizing that this happens after a new deployment, perhaps, I'm already logged in to the platform in production, I can recover the session normally but when I click to log out, it returns 403 AuthApiError: Session from session_id claim in JWT does not exist, localhost this does not happen.

Since I already have the local session, I tried to handle this 403 to manually pass refresh_token to supabase.auth.refreshSession({ refresh_token }) and somehow reset everything so that my clients don't get stuck in this situation, but it returns 400 bad request, but I check in the request the refresh_token is present in the payload.

To Reproduce

The only specific scenario observed was that I performed a deployment before, my front-end is hosted on Vercel.

Expected behavior

Logout

Screenshots

supabase_evidence3
supabase_evidence4

System information

  • OS: Windows
  • Browser chrome desktop
  • Version of supabase-js: ^2.38.5
  • Version of Node.js: 19.0.0
@mmarinhomac mmarinhomac added the bug Something isn't working label May 24, 2024
@ysemennikov
Copy link

ysemennikov commented May 25, 2024
edited
Loading

Hey! Just got absolutely the same error. Have deployed to Vercel and now catch the bug (on both production and localhost).

Well, it seems like I have successfully logged out on the backend of Supabase, but the session hasn't been removed on the frontend.

const user = useSupabaseUser();
const supabase = useSupabaseClient();

if (user.value) {
  console.log(user.value) // logs a User
  const { error } = await supabase.auth.signOut();
  console.log('error', error); // AuthApiError: Session from session_id claim in JWT does not exist
}
image

System information

  • Nuxt 3 + official Supabase module ("@nuxtjs/supabase": "^1.2.2")
  • Node.js 20
  • Browser: Chrome Desktop
  • OS: MacOS

@epavanello
Copy link

Same issue to me on https://avatarify-ai.com/
Any solution or workaround?

@Randallcp
Copy link

Randallcp commented May 26, 2024
edited
Loading

I'm getting the same exact error message using supabase-swift, so the issue doesn't appear to be isolated to this library.

@Garett-MacGowan
Copy link

I'm experiencing a similar issue with edge function authorization.

@epavanello
Copy link

I solved upgrading the dependencies

@mmarinhomac
Copy link
Author

A quick update, supabase support got back to me the following message:

You can fix this by:
- Manually ignore 403s returned and just clear the local session stored on the browser.
- Upgrade to supabase-js v2.43.1 which contains the changes to ignore the 403s returned.

I try to repeat the error, but it happens intermittently, in the end I ended up updating to the latest version ^2.43.4 ⚡️

"clear the local session" I don't know how I would do this since the supabase session is stored in cookies secure and http , which cannot be modified or deleted due to the browser's security policies...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Randallcp @Garett-MacGowan @mmarinhomac @epavanello @ysemennikov