supabase / supabase-flutter / 27145513842
85%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 72
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 80.471% (+0.03%) from 80.439%
27145513842

push

github

web-flow 
fix(realtime_client): suppress InvalidJWTToken from setAuth in joinPush 'ok' handler (#1365)

## Summary

Fixes #1363.

`RealtimeChannel.subscribe()` registers an `async` `'ok'` callback on
`joinPush` that calls `socket.setAuth(socket.accessToken)` without a
`try`/`catch`. When the cached access token has expired by the time the
server replies `'ok'` (e.g. the device woke from a long background sleep
and the channel rejoined before the auth refresh fired), `setAuth`
throws:

```
FormatException: InvalidJWTToken: Invalid value for JWT claim "exp" with value …
```

Because `Push.trigger` invokes the callback as a `void`-returning
function, the resulting `Future`'s error is discarded and surfaces in
the zone error handler. Sentry / Crashlytics report it as a fatal even
though the app keeps running and the next `tokenRefreshed` event
recovers normally.

`SupabaseClient._handleTokenChanged` already filters this exact
exception on the auth-state-change path:


https://github.com/supabase/supabase-flutter/blob/main/packages/supabase/lib/src/supabase_client.dart#L379-L389

This PR mirrors that filter on the rejoin path so the two re-auth code
paths behave consistently.

## Change

`packages/realtime_client/lib/src/realtime_channel.dart` — wrap the
rejoin `setAuth` call in the same `FormatException` / `InvalidJWTToken`
filter that `SupabaseClient._handleTokenChanged` uses. Other
`FormatException`s still propagate.

```dart
if (socket.accessToken != null) {
  try {
    await socket.setAuth(socket.accessToken);
  } on FormatException catch (e) {
    if (!e.message.contains('InvalidJWTToken')) {
      rethrow;
    }
  }
}
```

## Tests

Added two unit tests in
`packages/realtime_client/test/channel_test.dart`:

1. **Positive case** — when `setAuth` throws
`FormatException('InvalidJWTToken: …')` on rejoin, the `'ok'` handler
still runs to completion and emits `RealtimeSubscribeStatus.subscribed`.
Without the fix this test fails (the callback aborts at `setAuth` an... (continued)

3 of 3 new or added lines in 1 file covered. (100.0%)

3556 of 4419 relevant lines covered (80.47%)

2.91 hits per line

Jobs
ID Job ID Ran Files Coverage
1 27145513842.1 72
80.47
 GitHub Action Run
Source Files on build 27145513842