Skip to content

Add new event system, add support for error code in OTP links #912

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 13 commits into
base: master
Choose a base branch
from
Open

Add new event system, add support for error code in OTP links #912

wants to merge 13 commits into from

Conversation

jan-tennert
Copy link
Collaborator

@jan-tennert jan-tennert commented Apr 25, 2025
edited
Loading

What kind of change does this PR introduce?

Feature

What is the current behavior?

  • You have to do the parsing the error codes in the URL yourself. (If there is one e.g. in deeplinks on Android/iOS, current URL on JS, etc.)
  • The sessionStatus will get updated to SessionStatus.RefreshFailure(e) even if its still valid (=no access to the valid session).

What is the new behavior?

New event system which exists next to the sessionStatus, but works independently. Currently there are two events:

  • AuthEvent.OtpError(...) - will be emitted if an error code was found in a OTP link (deeplink on Android/iOS, URL on JS and Desktop)
  • AuthEvent.RefreshFailure(cause) - will be emitted if a session refresh failed (regardless if the session is still valid)

This PR also changes the SessionStatus.RefreshFailure(cause):

  • The cause parameter/property is deprecated (use the event for the cause)
  • This status will only get set, if the session expired.

--> If a refresh failed, an event will always be emitted, but the session status will only get updated if the session also expired. Planning to rename the status in the future to something like SessionStatus.NeedsRefresh

Additional changes:

  • Error related parameters will now be removed from the history when used

@github-actions github-actions bot added the auth label Apr 25, 2025
@jan-tennert jan-tennert marked this pull request as ready for review April 26, 2025 14:59
@jan-tennert
Merge branch 'master' into not-authenticated-reason
4ffed91 
# Conflicts:
#	Auth/src/commonMain/kotlin/io/github/jan/supabase/auth/Utils.kt
@jan-tennert
Add checks for errors & tests
7cc1a81
@github-actions github-actions bot added the tests label Apr 26, 2025
@jan-tennert jan-tennert changed the title Introduce NotAuthenticatedReason parameter to SessionStatus.NotAuthenticated Add support for handling error responses in URLs Apr 28, 2025
@sproctor
Copy link
Contributor

Just a thought, would it make sense to merge SessionStatus.RefreshFailure into this with a RefreshFailure reason?

@jan-tennert
Copy link
Collaborator Author

jan-tennert commented Apr 30, 2025
edited
Loading

Just a thought, would it make sense to merge SessionStatus.RefreshFailure into this with a RefreshFailure reason?

Maybe. But that would be too breaking for a minor version, we can leave this thought for v4.
I'm not yet happy with this design (NotAuthenticatedReason) anyways, so it might be something else entirely.

@jan-tennert jan-tennert mentioned this pull request Apr 30, 2025
Open
1 task
@jan-tennert
Copy link
Collaborator Author

Just a thought, would it make sense to merge SessionStatus.RefreshFailure into this with a RefreshFailure reason?

Maybe. But that would be too breaking for a minor version, we can leave this thought for v4. I'm not yet happy with this design (NotAuthenticatedReason) anyways, so it might be something else entirely.

Planning to refactor this:
#919 (comment)

@jan-tennert jan-tennert changed the title Add support for handling error responses in URLs Add support for handling error responses in URLs with a new event system Apr 30, 2025
@jan-tennert jan-tennert changed the title Add support for handling error responses in URLs with a new event system Add new event system, add support for error code in OTP links Apr 30, 2025
grdsdev
grdsdev reviewed May 2, 2025
View reviewed changes
Copy link
Contributor

@grdsdev grdsdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @jan-tennert these changes deviates from the official libs, I'd like to better understand its benefits, could you explain?

Specially this new AuthEvent type.

@jan-tennert
Copy link
Collaborator Author

jan-tennert commented May 2, 2025
edited
Loading

Hi @jan-tennert these changes deviates from the official libs, I'd like to better understand its benefits, could you explain?

Specially this new AuthEvent type.

@grdsdev
Well as of right now, auth-kt doesn't really have an event system like the other client libs (which represent the AuthEvent as a String, what you wouldn't in Kotlin), Auth#sessionStatus is pretty much the replacement for that. The idea was to also check for error codes in deeplinks, urls, etc. aside from PKCE codes / access tokens and somehow make this receivable. Putting it in sessionStatus does not work because, this state should only represent session related data (Authenticated, NotAuthenticated, etc.), so we'd need something separate.
Other client libs have an event system for events like Sign Out, Sign In etc, but this already kinda covered by sessionStatus, so I didn't add them and wanted to only add events which are not linked to a session state and can happen independently.
We could add them, but we'd have that overlap.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grdsdev grdsdev grdsdev left review comments

@dshukertjr dshukertjr dshukertjr approved these changes

Assignees
No one assigned
Labels
auth tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jan-tennert @sproctor @grdsdev @dshukertjr