Need proper signOut() after deleting account

[262hz]

Bug report

• I confirm this is a bug with Supabase, not with my own application.
• I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

Need to be able to properly sign out after deleting account. Apple requires account deletion functionality for iOS apps, and I've implemented that... it was a bit of a hassle — I needed to create a function in the SQL editor because the Supabase SDK for iOS does not include an easy way to delete an account. But the biggest issue is that I need to automatically sign out the user after the account is deleted. Calling supabase.auth.signOut() is not sufficient — it fails to call sessionManager.remove() and the result is that the app still considers the session to be active. I can't directly call supabase.auth.sessionManager.remove() because sessionManager is private. As a hack solution, I'm calling supabase.auth.signInWithOTP() because that function calls sessionManager.remove(). Here's the full "hack solution" for reference:

try? await supabase.auth.signInWithOTP(email: "",
                                        redirectTo: nil,
                                        shouldCreateUser: false,
                                        data: nil,
                                        captchaToken: nil)

To Reproduce

1. Delete an account like this:

try await supabase.database
  .rpc("delete_user") // this is a function i defined in the SQL editor
  .execute()

For reference, this is the delete_user SQL function:

CREATE or replace function delete_user()
	returns void
LANGUAGE SQL SECURITY DEFINER
AS $$
	delete from auth.users where id = auth.uid();
$$;

2. Attempt to sign out like this:

try? await supabase.auth.signOut()

3. Checks for auth.session != nil evaluate to true

Expected behavior

Checks for auth.session != nil should evaluate to false after signOut() has been called. After calling supabase.auth.signOut(), the SDK needs to call supabase.auth.sessionManager.remove() in order to end the session.

System information

• OS: iOS 17.4
• Version of supabase-swift: 2.3.1

Additional context

Here's what I'm currently doing as a "hack solution":

            try? await supabase.auth.signOut()
            
            // this is a hack... this function calls sessionManager.remove() which we need because signOut() is failing after account deletion
            try? await supabase.auth.signInWithOTP(email: "",
                                        redirectTo: nil,
                                        shouldCreateUser: false,
                                        data: nil,
                                        captchaToken: nil)
            
            //supabase.auth.sessionManager.remove() // this would have been enough, but the private var `sessionManager` is inaccessible here

[grdsdev]

Hi @262hz,

I couldn't reproduce it with the latest version, can you test with the latest 2.11.0 version?

We even have an integration test for asserting exactly this case, https://github.com/supabase/supabase-swift/blob/main/Tests/IntegrationTests/AuthClientIntegrationTests.swift#L196

So, please test with the latest library version, and let me know if you have any issues.

[262hz]

@grdsdev You're right — it's not an issue with 2.12.0 (the latest version)

Thanks for following up