-
-
Notifications
You must be signed in to change notification settings - Fork 188
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(realtime_client): Prevent sending expired tokens #1095
Conversation
null, | ||
Level.FINE, | ||
); | ||
throw FormatException( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the js client doesn't throw an exception, but logs the issue and then fails silently. I think it's better to not throw, because setAuth
is used in other places, where they might re-set the same access token which is then expired, but it shouldn't throw in those cases. Or we add try catch to those cases.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great catch! I forgot to add, but the way js client handles the expired JWT changes in another PR though. supabase/realtime-js#439
What kind of change does this PR introduce?
Adds a check of whether the JWT is expired before sending it to realtime. This helps the realtime logs to be filled with bunch of expired JWT token logs.
Equivalent of supabase/realtime-js#437 and partly supabase/realtime-js#439 from realtime-js