fix(auth): only warn if multiple clients share a storage-key

[sh41]

🔍 Description

This allows use of multiple clients with different storage-keys, without the Multiple GoTrueClient instances detected in the same browser context. It is not an error, but this should be avoided as it may produce undefined behavior when used concurrently under the same storage key. warning appearing.

What changed?

• The storageKey has also been added to the prefix of the debug messages to help with tracing.

- GoTrueClient@0 (0.0.0) 2025-08-13T21:51:25.839Z #_acquireLock begin -1
+ GoTrueClient@sb-127-auth-token:0 (0.0.0) 2025-08-13T21:51:25.839Z #_acquireLock begin -1

• The same prefix has been added to the warning for consistency.

- Multiple GoTrueClient instances detected in the same browser context. It is not an error, but this should be avoided as it may produce undefined behavior when used concurrently under the same storage key.
+ GoTrueClient@sb-127-auth-token:1 (0.0.0) 2025-08-13T21:51:26.455Z Multiple GoTrueClient instances detected in the same browser context. It is not an error, but this should be avoided as it may produce undefined behavior when used concurrently under the same storage key.

• If debug messages are enabled, the warning will also output a trace in addition to the warning to assist the user in tracking down where their multiple instances are being created from.

- Multiple GoTrueClient instances detected in the same browser context. It is not an error, but this should be avoided as it may produce undefined behavior when used concurrently under the same storage key.
+ GoTrueClient@sb-127-auth-token:1 (0.0.0) 2025-08-13T21:51:26.455Z Multiple GoTrueClient instances detected in the same browser context. It is not an error, but this should be avoided as it may produce undefined behavior when used concurrently under the same storage key.
+ Trace: GoTrueClient@sb-127-auth-token:1 (0.0.0) 2025-08-13T21:51:26.455Z Multiple GoTrueClient instances detected in the same browser context. It is not an error, but this should be avoided as it may produce undefined behavior when used concurrently under the same storage key.
+    at new GoTrueClient (/home/user/dev/auth-js/src/GoTrueClient.ts:256:17)
+    at new SupabaseAuthClient (/home/user/dev/node_modules/.pnpm/@[email protected]/node_modules/@supabase/supabase-js/src/lib/SupabaseAuthClient.ts:6:5)
+    at SupabaseClient._initSupabaseAuthClient (/home/user/dev/node_modules/.pnpm/@[email protected]/node_modules/@supabase/supabase-js/src/SupabaseClient.ts:304:12)
+    at new SupabaseClient (/home/user/dev/node_modules/.pnpm/@[email protected]/node_modules/@supabase/supabase-js/src/SupabaseClient.ts:107:24)
+    at createClient (/home/user/dev/node_modules/.pnpm/@[email protected]/node_modules/@supabase/supabase-js/src/index.ts:40:10)
+    at createBrowserClient (/home/user/dev/node_modules/.pnpm/@[email protected]_@[email protected]/node_modules/@supabase/ssr/src/createBrowserClient.ts:121:30)
+    at createBrowserClient (/home/user/dev/lib/supabase/client.ts:16:10)
+    at /home/user/dev/mycode/thatCreatesAClient.ts:16:29
+    at processTicksAndRejections (node:internal/process/task_queues:105:5)
+    at file:///home/user/dev/node_modules/.pnpm/@[email protected]/node_modules/@vitest/runner/dist/chunk-hooks.js:752:20

Why was this change needed?

My specific use case for this is in tests where I want to have multiple clients running in parallel. One of them sets up fixtures and uses the service role, others represent different users. The nature of the tests is that they all run in the same instance, so the warning was appearing. Now I can instantiate the clients with unique storage keys and the warning will only appear if I actually have multiple clients that share those storage keys.

Closes #(issue_number)
PR in old repo

📸 Screenshots/Examples

// example with supabase-js / ssr
import { createClient  } from "@supabase/supabase-js";
import { createBrowserClient  } from "@supabase/supabase-ssr";
const fixturesClient = createClient(supabaseUrl, serviceRoleKey, { auth: { storageKey: "FIXTURES_CLIENT"}});
// create fixtures
const userClient = createBrowserClient(supabaseUrl, anonKey, { auth: { storageKey: "USER"}});
// login user 
await userClient.auth.signInWithPassword({ email, password})

🔄 Breaking changes

• This PR contains no breaking changes

📋 Checklist

• I have read the Contributing Guidelines
• My PR title follows the conventional commit format: <type>(<scope>): <description>
• I have run npx nx format to ensure consistent code formatting
• I have added tests for new functionality (if applicable)
• I have updated documentation (if applicable)

📝 Additional notes

[mandarini]

I think this change looks good and makes sense, but I also want @hf to weigh in, because I see there was a discussion in some older issue?

[coveralls]

coverage: 95.455% (+12.8%) from 82.647%
when pulling ddc429d on sh41:multiple-clients-warning-by-storage-key
into bced454 on supabase:master.

[mandarini]

@sh41 no need to update the branch each time, you're good! :D