Skip to content

Add session failsafe and option to require a session for requests #1071

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 6 commits into
base: master
Choose a base branch
from
Draft

Add session failsafe and option to require a session for requests #1071

wants to merge 6 commits into from

Conversation

jan-tennert
Copy link
Collaborator

@jan-tennert jan-tennert commented Oct 11, 2025
edited
Loading

What kind of change does this PR introduce?

Feature

What is the new behavior?

  • Adds a new option (AuthConfig#checkSessionOnRequest) to check any request made with the current user session and if the session is expired try to force a refresh or let the request fail.
  • Adds a new config option to Realtime, Functions, Postgrest, Storage to require a session to make requests from this plugin (aka disable using the api key as a fallback option)

@jan-tennert jan-tennert added the enhancement New feature or request label Oct 11, 2025
@github-actions github-actions bot added the auth label Oct 11, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 11, 2025
View reviewed changes
Auth/src/commonMain/kotlin/io/github/jan/supabase/auth/exception/TokenExpiredException.kt
package io.github.jan.supabase.auth.exception

//TODO: Add actual message and docs
class TokenExpiredException: Exception("The token has expired") No newline at end of file

Check warning

Code scanning / detekt

Public classes, interfaces and objects require documentation. Warning

TokenExpiredException is missing required documentation.
@jan-tennert jan-tennert mentioned this pull request Oct 11, 2025
Closed
@jan-tennert jan-tennert changed the title Add session failsafe Add session failsafe and option to require a session for requests Oct 12, 2025
@jan-tennert jan-tennert linked an issue Oct 12, 2025 that may be closed by this pull request
[Feature request]: A method to require requests to be authenticated #970
Open
2 tasks
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 12, 2025
View reviewed changes
Auth/src/commonMain/kotlin/io/github/jan/supabase/auth/SessionNetworkInterceptor.kt
object SessionNetworkInterceptor: NetworkInterceptor.Before {

override suspend fun call(builder: HttpRequestBuilder, supabase: SupabaseClient) {
val authHeader = builder.headers[HttpHeaders.Authorization]?.replace("Bearer ", "")

Check warning

Code scanning / detekt

Property is unused and should be removed. Warning

Private property authHeader is unused.
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 12, 2025
View reviewed changes
Auth/src/commonMain/kotlin/io/github/jan/supabase/auth/AuthConfig.kt
@SupabaseExperimental
var checkSessionOnRequest: Boolean = true

var requireValidSession: Boolean = false

Check warning

Code scanning / detekt

Public properties require documentation. Warning

The property requireValidSession is missing documentation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

auth enhancement New feature or request postgrest realtime storage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature request]: A method to require requests to be authenticated

1 participant

@jan-tennert