Jobs: 1 | Files: 171 | Run time: 1min
push
github
feat: add Supabase Auth identifier to OAuth redirect URLs (#2299)

## Summary

Adds a Supabase Auth identifier (`sb`) to URL fragments in all OAuth redirect responses to help clients distinguish Supabase Auth redirects from third-party OAuth flows.

## Problem

auth-js GoTrueClient currently intercepts all URL fragments containing `access_token`, including those from non-Supabase OAuth providers. This causes unintended logouts and authentication issues when users have other OAuth flows in their applications.

Related issue: https://github.com/supabase/supabase-js/issues/1697

## Solution

Added an empty `sb` parameter to the URL fragment in all redirect responses:

- Success redirects with tokens (via `AsRedirectURL`)
- Error redirects in OAuth callbacks ([supabase-js has](https://github.com/supabase/supabase-js/blob/a66387e99/packages/core/auth-js/src/lib/errors.ts#L14-L38) a `__isAuthError`, but adding it for error to be fault-tolerant, and non-supabase-sdk cases)
- Error redirects in verification flows
- Message redirects in verification flows

Example redirect URL: `https://example.com/callback#access_token=xxx&refresh_token=yyy&expires_in=3600&sb`

Clients can now check for the presence of `sb` in the fragment to confirm the redirect originated from Supabase Auth.
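
A client-side check for the `sb` marker described in the commit message, as an added example that is not part of the commit or of auth-js. It parses the fragment into keys instead of substring-matching, so a token value that happens to contain "sb" is not mistaken for the marker; the function names, the sample URLs and the `error` parameter name are assumptions.

```javascript
// Added example: hypothetical helpers, not code from auth-js or Supabase Auth.

// Parse the fragment (the part after '#') into key/value pairs.
function parseFragment(url) {
  const hash = new URL(url).hash.replace(/^#/, '');
  return new URLSearchParams(hash);
}

// Classify a redirect by what its fragment carries:
//   'supabase-tokens' : access_token plus the sb marker
//   'supabase-error'  : error plus the sb marker ('error' key is an assumption)
//   'foreign'         : auth parameters without the marker, so another
//                       OAuth flow in the application should handle it
//   'none'            : no auth parameters in the fragment
function classifyRedirect(url) {
  const params = parseFragment(url);
  const hasMarker = params.has('sb'); // true for a bare "sb" and for "sb="
  const hasToken = params.has('access_token');
  const hasError = params.has('error');
  if (!hasToken && !hasError) return 'none';
  if (!hasMarker) return 'foreign';
  return hasToken ? 'supabase-tokens' : 'supabase-error';
}

// Naive check shown for contrast: matches "sb" anywhere in the URL.
function naiveHasMarker(url) {
  return url.includes('sb');
}

// Constructed sample URLs (not captured traffic).
const SAMPLES = [
  'https://example.com/callback#access_token=xxx&refresh_token=yyy&expires_in=3600&sb',
  'https://example.com/callback#access_token=absb123&token_type=bearer',
  'https://example.com/callback#error=access_denied&sb',
  'https://example.com/callback?sb=1#access_token=xxx',
  'https://example.com/callback#section-2',
];

for (const url of SAMPLES) {
  console.log(classifyRedirect(url).padEnd(16), url);
}
```
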
6 of 6 new or added lines in 3 files covered. (100.0%)
14823 of 21526 relevant lines covered (68.86%)
79.66 hits per line
| ID | Job ID | Ran | Files | Coverage | |
|---|---|---|---|---|---|
| 1 | 21130794887.1 | | 171 | 68.86 | GitHub Action Run |