Getting AuthApiError: Invalid Refresh Token: Refresh Token Not Found in newest version

[dustin-we]

Version

@nuxtjs/supabase: v1.3.2
nuxt: v3.12.0

Steps to reproduce

Wait for a bit before visiting an app you are authenticated to, I guess for the token to lose validity.

What is Expected?

Token gets refreshed and you can visit the app.

What is actually happening?

You get a Nuxt error 500 page, the logs throw the following error:

AuthApiError: Invalid Refresh Token: Refresh Token Not Found at handleError (/home/customer/customer_report_center/.output/server/node_modules/@supabase/auth-js/dist/main/lib/fetch.js:63:11) at processTicksAndRejections (node:internal/process/task_queues:95:5) at _handleRequest (/home/customer/customer_report_center/.output/server/node_modules/@supabase/auth-js/dist/main/lib/fetch.js:108:9) at _request (/home/customer/customer_report_center/.output/server/node_modules/@supabase/auth-js/dist/main/lib/fetch.js:89:18) at /home/customer/customer_report_center/.output/server/node_modules/@supabase/auth-js/dist/main/GoTrueClient.js:1359:24 at /home/customer/customer_report_center/.output/server/node_modules/@supabase/auth-js/dist/main/lib/helpers.js:231:36 { __isAuthError: true, status: 400, code: undefined }

After refreshing, everything works as expected. I am rolling back to v1.2 for now, the error never occured on that version. Only thing I changed in the project was the version of this project.

Also, maybe related: I keep on sometimes getting another error 400: Request Header or Cookie Too Large, but that error is thrown by nginx, so I am not yet sure that is related to this project.

[XStarlink]

@dustin-we I had a problem with the Sessions refresh for several weeks, let me know if it's more or less the same problem: #381

I didn't have the problem of the cookie being too large, but only of the session being lost after an hour, leaving my users connected on the front side, but not connected on the back side.

[dustin-we]

Hi,
I had the issue #388, which seems similar to #381, causing my middleware to throw an error.

Can't look at the code right now, but I think I had server middleware and I was using serverSupabaseUser(event) and instead of the user object being null, like it used to be, it threw an error with the same description as in #381 'Auth session missing!'

I solved the cookie problem by configuring NGINX proxy settings, looks like its gone for now.

[dustin-we]

Also, maybe my initial error with the refresh_token not found is connected to the 'cookie too large' nginx error, causing the server to receive a missing refresh token in the cookies? Not sure

[XStarlink]

@dustin-we Ok, Probably because the Cookie was too large for NGNIX, it wasn't received on the server side during the request, and so the server side of Supabase couldn't retrieve the access token of the user making the request.

And now everything's working? Can you stay connected indefinitely without losing a session? Are you in v1.2 or v1.3?

[saint-james-fr]

Hello, same problem here and we're running @nuxtjs/supabase: 1.2.2, I don't think we can configure our NGINX as website is hosted by Netlify so I can't really test this assumption. Anyone has seen a improvement by upgrading versions?

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

[james-benns]

I'm still experiencing this issue, also hosting on Netlify. Any pointers? I've tried a lot of things already including updating related packages and disabling the replay attack prevention in Supabase. Thanks!