How to handle Supabase Auth in offline-first React Native apps without logging users out?
Hey,
I'm using Supabase Auth in a React Native app, and I'm running into a problem with offline support.
When a user opens the app without an internet connection, the session eventually expires after refresh token retries fail, and the user is logged out. This breaks the offline first experience ideally, the user should stay logged in and be able to access locally stored content even without connectivity. For context this is not possible as the app only allows access to certain screens if the user is authenticated.
What I’d like to achieve:
- The user opens the app without internet and stays logged in.
- Once the connection is restored, the session refreshes normally in the background.
- The user is only logged out if the refresh token is truly invalid not just because there was no connection at the time.
From what I’ve read, this behavior seems to be tied to how auth handles session persistence and refresh. I’ve gone through these related discussions but haven’t found a clear workaround:
- https://github.com/orgs/supabase/discussions/36906
- https://github.com/supabase/auth-js/issues/141
- https://github.com/orgs/supabase/discussions/36434
Has anyone figured out a workaround?
Thanks
GitHub
[React Native] Supabase Auth session lost when starting app offline...
In my React Native app, Supabase Auth does not persist user sessions when the app is started without internet access. Even though persistSession: true and AsyncStorage are set, the user is logged o...
GitHub
Network error removes session data · Issue #141 · supabase/auth-js
Bug report Describe the bug By looking at the code here, it seems like whenever user opens the app while offline, the session is deleted. const { error } = await this._callRefreshToken(currentSessi...
GitHub
How to Use Supabase Authentication Offline · supabase · Discussio...
Good evening, We are developing an application using React Native with the Expo framework, and Supabase as the backend. One of our key requirements is offline functionality. While we've found m...
8 Replies
This long thread also covers ground in this area with no clear solution.
https://github.com/orgs/supabase/discussions/357
GitHub
Using Supabase offline · supabase · Discussion #357
Update: we will explore this but continue to use the tools listed Hi! Is it possible to use Supabase offline at the moment? And have it automatically persist changes when an Internet connection is ...
In short, I need to keep the user authenticated while offline, rather than automatically logging them out if the token can’t be refreshed. By “authenticated,” I mean the app should retain the user info and token from persistent storage, which is already in place. Logout should only happen if the token refresh explicitly fails because the token is invalid. Unfortunately, I haven’t found a straightforward way to achieve this behavior. I'm using a local database, so ideally, I just need the Supabase auth "gateway" to support offline mode, I'm curious how others handled it
The client as I understand it, and reading thru that thread every 6 months or so, clears out the session (and local storage) when there is a network error. So there is no way currently unless there is new info there.
Not sure if you could add a go between local storage handler to block the clearing in the case of offline or not. If that is even enough as the session will also be cleared in the client so won't be there when the network comes back.
If local storage does persist then it would be a matter of detecting online and doing a refreshSession.
Ahh, this is a major limitation for me, and I’m disappointed I didn’t catch it before migrating from Firebase Auth. It really impacts my ability to make the app local first, which is one of its core principles.
I’m considering whether disabling auto-refresh and persistence, and instead managing both manually, might be a workaround. Something like:
- When the user logs in, I manually store the auth data
- Set up a routine to refresh the token at regular intervals
- When offline, rely entirely on the cached data and only attempt a token refresh once the network is back
Still, this feels far from ideal. It adds unnecessary complexity to my side, and since I don’t fully understand all the internal mechanisms, there’s a risk something could break in ways I can’t predict
There is no guide and nothing other than their source and observation on how the auth-js client handles the network error it gets when offline happens. I think it retries for a bit. Then I believe I've read kills the session, but I've not tested it. It has been so long since I looked into it as I came from Firebase and needed basic offline functionality. But I never finished the app to the point I did more than make a note have to deal with it at some point. That was 3 years ago.
If that thread had no suggestions and auth-js issues had no work arounds then you are on your own to sort it.
Running offline is not too bad as there are lots of nice local DB tools to store stuff. I was storing files locally for upload upon return. It is coming back after things go back online. And having to intercept any calls to the DB, but I had a shim that I did my app calls in and then converted to SB calls so could deal with offline if needed. Did not really get far into the auth part.
Im using powersync, so most of the offline logic is taken away from me and I just need to managed what would be the simple parts, which is calling supabase methods to sync data, pretty straighforward and simple, I was surprised by the auth part, I guess I will have to take some time to look into the source and hopefully get to someone solution without a major refactor
Also, big thank you for taking the time to answer and provide valuable info
I don't think powersync was really an option back when I was doing this.
Hey @garyaustin I’ve done some testing and noticed a few limitations. If I’m still calling Supabase methods, it will handle tokens internally, which can trigger events like token refreshes. This can cause my own logic layer to get out of sync.
In short, there’s no single source of truth. I’d have to sync my tokens to Supabase, and also update my store whenever Supabase changes its tokens. From my perspective, this pattern feels error prone and unpleasant to manage. I’m really curious if anyone has implemented something similar and how they approached it.