fix(auth): do not console.error AuthApiError already returned through contract

[MaitreyeeDeshmukh]

Description

In SSR/Edge environments (Next.js middleware on Vercel Edge Runtime), every supabase.auth.getUser() call against a session with a stale refresh token produces a noisy [AuthApiError]: Invalid Refresh Token line in server logs.

What changed?

In _recoverAndRefresh inside GoTrueClient.ts, the else branch after the discarded-error guard was calling console.error(error) unconditionally. This error is already returned through the public API contract via _callRefreshToken's return value — the caller receives { data: null, error } correctly. The bare console.error adds no diagnostic value and duplicates the error surface.

The fix replaces console.error(error) with this._debug(debugName, 'refresh failed', error), matching the pattern of the isAuthRefreshDiscardedError branch immediately above it.

Closes #2416

Type of Change

• Bug fix (fix)

Testing

• Unit tests added — new test in GoTrueClient.test.ts asserts console.error is not called when _recoverAndRefresh encounters a stale refresh token
• - [x] All tests passing locally (441 passed, 15 suites)

Checklist

• Code formatted (pnpm nx format)
• - [x] Tests passing (pnpm nx test:auth auth-js)
• - [x] Build passing (pnpm nx affected --target=build)
• - [x] Used conventional commits (pnpm commit)
• - [x] Documentation updated (no public API change)

[pkg-pr-new]

Open in StackBlitz

@supabase/auth-js

npm i https://pkg.pr.new/@supabase/auth-js@2428

@supabase/functions-js

npm i https://pkg.pr.new/@supabase/functions-js@2428

@supabase/postgrest-js

npm i https://pkg.pr.new/@supabase/postgrest-js@2428

@supabase/realtime-js

npm i https://pkg.pr.new/@supabase/realtime-js@2428

@supabase/storage-js

npm i https://pkg.pr.new/@supabase/storage-js@2428

@supabase/supabase-js

npm i https://pkg.pr.new/@supabase/supabase-js@2428

commit: 9dae030