S
Supabase•2w ago
Jool

Refresh tokens and persistent sessions, C#

I'm having some problems getting refresh tokens to work on both desktop and android app. The session is saved to disk with a refresh token, but when loaded it only works within an hour of saving, which I assume means it is actually using the Access Token? This is my Initialization logic in C#: 
SupabaseOptions options = new()
{
  AutoRefreshToken = true,
  AutoConnectRealtime = true,
  SessionHandler = new MySessionHandler(),
};
public static Supabase.Client SupabaseClient = new Supabase.Client(Global.SupaBaseUrl, Global.SupaBasePublicKey, options);

SupabaseClient.Auth.LoadSession();
var session = await SupabaseClient.Auth.RetrieveSessionAsync();
if (session == null)
{
  await SupabaseClient.InitializeAsync();
  //goto loginscreen
}
SupabaseOptions options = new()
{
  AutoRefreshToken = true,
  AutoConnectRealtime = true,
  SessionHandler = new MySessionHandler(),
};
public static Supabase.Client SupabaseClient = new Supabase.Client(Global.SupaBaseUrl, Global.SupaBasePublicKey, options);

SupabaseClient.Auth.LoadSession();
var session = await SupabaseClient.Auth.RetrieveSessionAsync();
if (session == null)
{
  await SupabaseClient.InitializeAsync();
  //goto loginscreen
}
Am I using this incorrectly?
5 Replies
j4
j4•2w ago
If you're talking about refresh tokens for the same session, they can only be used once* What error(s) are you getting?
Jool
JoolOP•2w ago
No errors, but I need to sign in manually after the 1 hour has passed.
garyaustin
garyaustin•2w ago
Look in the auth log and see what if anything is going on with the token refreshing. You are using C# so probably won't have many users here able to help. You might put that in your title though.
Jool
JoolOP•7d ago
Thanks, will do that! I get two events in the log with the exact same timestamp, one token_refreshed and one token_revoked. Is that normal behaviour? Although I guess that makes sense if they are one-time use. It seems that you only need to call LoadSession, and can remove both the InitializeAsync and RetrieveSessionAsync. Maybe that will help. I guess I will see in an hour 😉 Alright, I have been trying some things, but still can't get it to work. Thankful for any help! If i call LoadSession() before InitializeAsync() I get the following logs in my app: 
Session loaded from file.
Session file deleted.
Session saved to file.
Session file deleted.
Session loaded from file.
Session file deleted.
Session saved to file.
Session file deleted.
If I call InitializeAsync() first, and then LoadSession(), I do get logged in successfully through the Refresh Token, but for subsequent actions I get a 401 error code: Invalid JWT. The following log though: 
Session loaded from file.
Session file deleted.
Session saved to file.
Session loaded from file.
Session file deleted.
Session saved to file.
Any ideas what this could mean? or am I misunderstanding how the refresh tokens are supposed to work? After adding a debuglistener, I get an Error: Loaded session has expired, but I thought that they didn't expire, except for when being used? Well, after some testing, it seems that the login works as it should, but I get an error that the JWT has expired.
j4
j4•6d ago
I think most of the SDK clients are supposed to refresh automatically, but I've no idea about the one you're using. An expired JWT should be fine, as long as the client is refreshing it.

Did you find this page helpful?