Description
Bug report
- I confirm this is a bug with Supabase, not with my own application.
- I confirm I have searched the Docs, GitHub Discussions, and Discord.
Describe the bug
After some time (I believe when the access token gets refreshed), the Supabase client stops working for Auth admin calls. Once it stops working, no subsequent request is successful anymore, and the only remedy I found is to restart the server so that the initialization starts again.
To Reproduce
```python
from supabase import create_client
from supabase.client import ClientOptions

supabase = None  # module-level client, reused across requests

def a_function():
    global supabase
    if not supabase:
        supabase = create_client(
            SUPA_URL,
            SUPA_KEY,  # using the service role here
            options=ClientOptions(
                postgrest_client_timeout=10,  # seconds?
                storage_client_timeout=10,
            ),
        )
    users = supabase.auth.admin.list_users(page=page_num)  # -> 403 User not allowed
```
At the API Gateway logs:

Expected behavior
Initial requests succeed. After some time they fail. Since the key is the service_role, requests should go through.
Screenshots
Debugging through the Supabase code, I noticed that when the request fails with 403 ('User not allowed'), the apiKey differs from the Authorization header.
This prompted me to manually change (in the debugger) the Authorization header to the apiKey. The request went through, which proves that the apiKey is not the issue.
What is more, in initial requests the Bearer is the same as the apiKey.
Could it be that the access token refresh is not working correctly?
System information
- OS: macOS
- Browser: server-side, FastAPI 0.115.12
- Version of supabase-py: 2.15.2, sync client (async client does not even work for supabase.auth.admin.list_users)
- Version of Python: 3.12
Additional context
In general, it would be great to add to the docs the proper way to initiate the supabase client for reuse in a server environment. People are also asking in #697 for such instructions.
Note the same pattern with global seems to work ok for non-admin auth calls e.g. supabase.auth.sign_in_anonymously
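
An added diagnostic, not part of the original report or of supabase-py: it automates the comparison of the apiKey header with the Authorization bearer that the report performs by hand in the debugger, and reports the bearer's `role` claim when the two differ. The function names and sample tokens are constructed; it assumes the keys are JWTs carrying a `role` claim and decodes them without verifying signatures.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        return json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError):
        return None  # not a JWT (opaque key, truncated value, ...)

def check_admin_headers(headers):
    """Return 'ok', 'missing-bearer', or 'drift:<role>' for outgoing headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    api_key = h.get("apikey", "")
    scheme, _, bearer = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not bearer:
        return "missing-bearer"
    if bearer == api_key:
        return "ok"  # the state the report observes on the initial requests
    claims = jwt_claims(bearer)
    role = claims.get("role") if isinstance(claims, dict) else None
    return f"drift:{role or 'unknown'}"  # bearer is no longer the configured key

def make_sample_jwt(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"

# Constructed sample values, not real keys.
SERVICE_KEY = make_sample_jwt({"role": "service_role"})
USER_TOKEN = make_sample_jwt({"role": "authenticated", "sub": "constructed-user-id"})

if __name__ == "__main__":
    healthy = {"apiKey": SERVICE_KEY, "Authorization": f"Bearer {SERVICE_KEY}"}
    drifted = {"apiKey": SERVICE_KEY, "Authorization": f"Bearer {USER_TOKEN}"}
    print(check_admin_headers(healthy))
    print(check_admin_headers(drifted))
```

Logging this result just before an admin call shows when the Authorization header stopped matching the service role key and which role replaced it.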