Supabase•2w ago

PKCE Auth flow - java.lang.IllegalArgumentException

Hi, I recently switched to the PKCE auth flow, and I'm implementing a password reset screen. However, the supabase.auth.parseSessionFromUrl() function throws a java.lang.IllegalArgumentException error and I have no clue why. Logcat:

B1: https://myapp.com/callback?code=55793db3-8770-8980-81ee-9477db9c3f04
Deep link handling exception: java.lang.IllegalArgumentException: No access token found

B1: https://myapp.com/callback?code=55793db3-8770-8980-81ee-9477db9c3f04
Deep link handling exception: java.lang.IllegalArgumentException: No access token found

Code:

    fun handleDeepLink(url: String) {
        screenModelScope.launch {
            try {
                log.error { "B1: $url" }
                val session = supabaseClient.auth.parseSessionFromUrl(url)
                log.error { "B2" }
                supabaseClient.auth.importSession(session)
 
            } catch (e: Exception) {
                log.error { "Deep link handling exception: $e" }
                snackbarManager.sendMessage("Failed to open link: ${e.message}")
            }
        }
    }

    fun handleDeepLink(url: String) {
        screenModelScope.launch {
            try {
                log.error { "B1: $url" }
                val session = supabaseClient.auth.parseSessionFromUrl(url)
                log.error { "B2" }
                supabaseClient.auth.importSession(session)
 
            } catch (e: Exception) {
                log.error { "Deep link handling exception: $e" }
                snackbarManager.sendMessage("Failed to open link: ${e.message}")
            }
        }
    }

However, when I switch to implicit flow, it suddenly works. (The URL is also different). Is there anyone who knows how can I make it work with PKCE?

7 Replies

j4•2w ago

I don't know anything about the client you're using, but this sorta makes sense. I'm guessing the parse method is designed for implicit flow - which looks for the session in the url. Where as the pkce flow is looking for the code and then needs to exchange that and the code verifier (in storage) for the session.

oliOP•2w ago

Do you know the name of the function which I should use instead?

j4•2w ago

I'd just be looking up docs, same as you. On the javascript side, we'd send the post-auth redirect to a server api endpoint called /auth/callback, grab the code, and pass it to exchangeCodeForSession

TheRealJan•2w ago

either that or there is SupabaseClient#handleDeeplinks(intent) on Android

oliOP•7d ago

What would you suggest for a multiplatform project targeting Wasm, Android and iOS? Also, I wanted to ask if there is any way to find out whether to send the user to the password reset screen or just log the user in based on the PKCE code (or the session from it)

TheRealJan•5d ago

iOS has a similar method, Wasm works without much configuration. You could use two different deep links, just override the redirect url when using the reset password method

oliOP•4d ago

Thank you!!

Gaming

Programming

PKCE Auth flow - java.lang.IllegalArgumentException

Did you find this page helpful?