Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent behaviour on offline logout #683

Open
elkSal opened this issue Oct 29, 2023 · 1 comment
Open

Inconsistent behaviour on offline logout #683

elkSal opened this issue Oct 29, 2023 · 1 comment
Labels
auth This issue or pull request is related to authentication bug Something isn't working

Comments

@elkSal
Copy link

elkSal commented Oct 29, 2023
edited by dshukertjr

Describe the bug
When offline, using the logout function:

  • the first time triggers the onAuthStateChange: AuthChangeEvent.signedOut and then throws a _ClientSocketException
  • the second time triggers again an AuthChangeEvent.signedOut without throwing any exception.

To Reproduce
My Logout function code:

class SettingsHomeRepositoryImpl implements SettingsHomeRepository {
  SupabaseClient _supabaseClient;
  SettingsHomeRepositoryImpl(this._supabaseClient);


  @override
  Future<void> logOut() async {
    await _supabaseClient.auth.signOut();
  }
}

Expected behavior
I would expect a consistent behaviour, either always throwing an exception or never doing that for offline logout.

Additional considerations
I checked the Supabase logout function and my guess is that the first time triggering an offline logout the function removes the accessToken and then tries to try catch block, triggering the exception. The second time using the offline logout, there is no more an accessToken and therefore it doesn't go in the try catch block.

Supabase Flutter Logout

Future<void> signOut({
      SignOutScope scope = SignOutScope.global,
    }) async {
      final accessToken = currentSession?.accessToken;
  
      if (scope != SignOutScope.others) {
        _removeSession();
        await _asyncStorage?.removeItem(
            key: '${Constants.defaultStorageKey}-code-verifier');
        _notifyAllSubscribers(AuthChangeEvent.signedOut);
      }
  
      if (accessToken != null) {
        try {
          await admin.signOut(accessToken, scope: scope);
        } on AuthException catch (error) {
          // ignore 401s since an invalid or expired JWT should sign out the current session
          // ignore 404s since user might not exist anymore
          if (error.statusCode != '401' && error.statusCode != '404') {
            rethrow;
          }
        }
      }
    }
@elkSal elkSal added the bug Something isn't working label Oct 29, 2023
@Vinzent03
Copy link
Collaborator

I'm unsure what the solution to this issue should be. Throwing a socket exception although no request would have been made doesn't make sense. I think you should just check before calling the sign out method whether a session even exists or not. Since signing out when no session exists doesn't change anything.
So I think the current implementation is the desired way.

@dshukertjr dshukertjr added the auth This issue or pull request is related to authentication label Jan 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth This issue or pull request is related to authentication bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dshukertjr @Vinzent03 @elkSal