Supabase · 6mo ago
Thed

Auth ?grant_type=refresh_token 429

I'm on a Free Supabase plan.

On 06-24 20:48 I released the latest version of my app.

Today, I got reports that users aren't able to log in anymore. From the Supabase logs, it's clear that the ?grant_type=refresh_token endpoint is being rate limited. What's suspicious is that from 06-24 up until today, 07-01, no such issue was registered. Users were using the application as expected, able to log in, refresh the session and use the application. There were no production code modifications during the period 06-24 to 07-01.

The authentication is happening with my custom REST API, here's the initialisation part on a bun runtime:
```ts
import { createClient } from "@supabase/supabase-js";

const supabaseUrl = process.env.SUPABASE_URL!;
const supabaseServiceKey = process.env.SUPABASE_SERVICE_KEY!;

export const supabase = createClient(supabaseUrl, supabaseServiceKey, {
    auth: {
        autoRefreshToken: false, // false, because I control this on my own
        persistSession: false,
    },
});
```

/sign-in endpoint:
```ts
const { email, password } = c.req.valid("json");

const { data, error } = await supabase.auth.signInWithPassword({
    email,
    password,
});

if (error) handleSupabaseAuthError(error);

if (!data.session) {
    throw new ApiError(
        AUTH_MESSAGES.AUTH.INVALID_CREDENTIALS,
        401,
        "AUTH_ERROR"
    );
}

return c.json({
    message: "Login successful.",
    access_token: data.session.access_token,
    refresh_token: data.session.refresh_token,
});
```

I'm on:
```json
"@supabase/supabase-js": "^2.48.1",
```

I'm really concerned about how the issue started to appear today if the last production code change, both for client and server, was made on 06-24 and the latest migration submitted to Supabase was on 06-22.