S
Supabase4mo ago
oli

PKCE Auth flow - java.lang.IllegalArgumentException

Hi, I recently switched to the PKCE auth flow, and I'm implementing a password reset screen. However, the supabase.auth.parseSessionFromUrl() function throws a java.lang.IllegalArgumentException error and I have no clue why. Logcat: 
B1: https://myapp.com/callback?code=55793db3-8770-8980-81ee-9477db9c3f04
Deep link handling exception: java.lang.IllegalArgumentException: No access token found
B1: https://myapp.com/callback?code=55793db3-8770-8980-81ee-9477db9c3f04
Deep link handling exception: java.lang.IllegalArgumentException: No access token found
Code: 
    fun handleDeepLink(url: String) {
        screenModelScope.launch {
            try {
                log.error { "B1: $url" }
                val session = supabaseClient.auth.parseSessionFromUrl(url)
                log.error { "B2" }
                supabaseClient.auth.importSession(session)
 
            } catch (e: Exception) {
                log.error { "Deep link handling exception: $e" }
                snackbarManager.sendMessage("Failed to open link: ${e.message}")
            }
        }
    }
    fun handleDeepLink(url: String) {
        screenModelScope.launch {
            try {
                log.error { "B1: $url" }
                val session = supabaseClient.auth.parseSessionFromUrl(url)
                log.error { "B2" }
                supabaseClient.auth.importSession(session)
 
            } catch (e: Exception) {
                log.error { "Deep link handling exception: $e" }
                snackbarManager.sendMessage("Failed to open link: ${e.message}")
            }
        }
    }
However, when I switch to implicit flow, it suddenly works. (The URL is also different). Is there anyone who knows how can I make it work with PKCE?
7 Replies
j4
j44mo ago
I don't know anything about the client you're using, but this sorta makes sense. I'm guessing the parse method is designed for implicit flow - which looks for the session in the url. Where as the pkce flow is looking for the code and then needs to exchange that and the code verifier (in storage) for the session.
oli
oliOP4mo ago
Do you know the name of the function which I should use instead?
j4
j44mo ago
I'd just be looking up docs, same as you. On the javascript side, we'd send the post-auth redirect to a server api endpoint called /auth/callback, grab the code, and pass it to exchangeCodeForSession
TheRealJan
TheRealJan4mo ago
either that or there is SupabaseClient#handleDeeplinks(intent) on Android
oli
oliOP4mo ago
What would you suggest for a multiplatform project targeting Wasm, Android and iOS? Also, I wanted to ask if there is any way to find out whether to send the user to the password reset screen or just log the user in based on the PKCE code (or the session from it)
TheRealJan
TheRealJan3mo ago
iOS has a similar method, Wasm works without much configuration. You could use two different deep links, just override the redirect url when using the reset password method
oli
oliOP3mo ago
Thank you!!

Did you find this page helpful?