Updating & refreshing user metadata causes Error "Invalid Refresh Token: Already Used"

[skoshx]

Bug report

• I confirm this is a bug with Supabase, not with my own application.
• I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

I'm trying to use the Supabase user metadata as a means of storing user metadata (like preferences eg. is_subscribed_to_newsletter), since it seems way more intuitive than having a clone of it in Postgres, and updating those... This is my code:

await supabaseClient.auth.updateUser({
            data: {
                ...metadata,
                ...updatedMetadata
            }
        })
        const { error } = await supabaseClient.auth.refreshSession()

Basically, the first time I update any user metadata, it works perfectly, but the second time and all times after that I get the error "Invalid Refresh Token: Already Used"

As seen here and here, other people are also facing this issue.

To Reproduce

• Create a Next app with an authenticated user
• call updateUser, then refreshSession
• Try to updateUser, then refreshSession again, and you will get error "Invalid Refresh Token: Already Used"

Expected behavior

I expect the refreshSession to also refetch a new refresh-token, while refetching updated account information for the useUser hook.

Being able to use the user_metadata field for small personal user preferences is super good for DX. I always cringed at the idea of creating some Postgres triggers (that last I checked weren't even production ready) only to create a matching public.users table that then contained the users data, when we could just use the user_metadata itself.

System information

• OS: macOS
• Browser (if applies) Chrome
• Version of supabase-js: 2.26.0
• Version of Node.js: v18.15.0

[skoshx]

Friendly bump :)

[skoshx]

Friendly bump :)

[skoshx]

This is tracked in supabase/auth-js#755