You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The URL with pre-existing '#' value lead to no-authentication at all, when using any third-party authentication.
example : https://example.com/abc#test#access_token=TOKEN_KEY
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Add a client side Supabase authentication
Login using third-party auths, my case using github authentication
Now open your UI containing Authentication button, with a YOUR_URL + "#Test" (example : https://example.com/abc#test)
The url redirect back with the access_token value but not tigger any authentication under UI (example : https://example.com/abc#test#access_token=TOKEN_KEY)
To authenticate with the same url you need to remove any exciting #values in this case (example : https://example.com/abc#access_token=TOKEN_KEY)
Expected behavior
Should trigger authentication
Screenshots
If applicable, add screenshots to help explain your problem.
System information
OS: Windows 11
Version of @supabase/supabase-js": "^2.43.0",
Version of Node.js: 20+
Solution
Either remove #.* before adding #access_token=TOKEN_KEY on a redirect url
or access to client side with #access_token=
The text was updated successfully, but these errors were encountered:
rahul3v
changed the title
Supabase Auth: There is an issue regarding login when the requested url already had some '#' based value in it
Supabase Auth: Issue regarding login when the requested url already had some '#' based value in it when using third-party auths
May 3, 2024
Hello @encima,
Yes, that would really help to avoid the general url auth bug, More batter if add it to the auth source code to filter that atleast and extract the #access_auth=* value to trigger auth,
Otherwise user will at some moment face this issue regardless of there redirect url as user share url with #values to point something on their site and authenticating at that moment when url contains # then the supabase auth ignores the authentication and do nothing which will break the authentication cycle.
But in other cases it will do authenticate regardless of redirect url provided
Bug report
Describe the bug
The URL with pre-existing '#' value lead to no-authentication at all, when using any third-party authentication.
example :
https://example.com/abc#test#access_token=TOKEN_KEY
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
https://example.com/abc#test
)access_token
value but not tigger any authentication under UI (example :https://example.com/abc#test#access_token=TOKEN_KEY
)#values
in this case (example :https://example.com/abc#access_token=TOKEN_KEY
)Expected behavior
Should trigger authentication
Screenshots
If applicable, add screenshots to help explain your problem.
System information
Solution
Either remove
#.*
before adding #access_token=TOKEN_KEY on a redirect urlor access to client side with
#access_token=
The text was updated successfully, but these errors were encountered: