Syncing Supabase auth between web app & Chrome extension

[robertsamarji]

Hello,

I'm looking for help on how to keep user auth synced between my NextJs web app and Plasmo Chrome extension.

Background on the setup:

• User logs in via the web app and is authenticated using Supabase's cookie based auth.
• Web app sends message to extension. Extension gets Supabase auth cookie and calls setSession(), setting session data within the extension from the current session.
• I can use supabase.setSession() to initialise a session when loading a CSUI.

Great, so now the user has a shared session between the web app and the Chrome extension. This works fine.

PROBLEM - After an hour, the Supabase access token expires and it uses the long-lived refresh token to set a new session. If the web app refreshes the session, the extension attempts to use the old access / refresh token and the user ends up logged out on both and vice versa.

QUESTION - How do I keep the access / refresh tokens synced between the web app and chrome extension so this doesn't happen?

Possible solutions I'm thinking are:

• In a web app Supabase auth provider, listen to a refresh of a token and send a message to the extension to get the new auth cookie and call setSession(). I think this solves the case where the web app refreshes the session.
• In Plasmo, is there a way to create a provider that I can wrap my CSUI in and in that provider I can expose a Supabase client and also listen to a refresh of a token? That way I can send a message to the web app to set a new auth cookie with the new access token and refresh token. However, I'm not sure how to do this in Plasmo, if it's possible.

Does anyone have any thoughts on these solutions above / solutions of their own?

[jellohouse]

Facing the same situation here. Any updates?

Did you find a solution @robertsamarji ?

[ayushgharat]

Yup same here. Have not been able to find a solution for this online so far