OAuth PKCE documentation needs an update for `createClient`
I was attempting to use the PKCE flow for google OAuth login but kept getting a result where the supabase auth endpoint would redirect to my url with an access token and other values at
After debugging and digging through mounds of issues and examples, I found that I needed to set a config option when using
None of the examples in the high-level OAuth documentation or facebook/google oauth docs said this needed to be done, and all the posts and issues I found did not mention anything about this (maybe because most of them are using
I did finally end up on this page of the js client docs and found the configuration.
The most confusing part of all of this is that none of the other pkce flows for internal authentication required this configuration. E.g., registration, magiclink, email and phone verification all worked with the OTP.
<redirecturl>#<values>, and there was no code to exchange but it had a supabase access token.After debugging and digging through mounds of issues and examples, I found that I needed to set a config option when using
createClient@supabasejs/supabase-js library. This tells the authNone of the examples in the high-level OAuth documentation or facebook/google oauth docs said this needed to be done, and all the posts and issues I found did not mention anything about this (maybe because most of them are using
createServerClient from the ssr package?).I did finally end up on this page of the js client docs and found the configuration.
The most confusing part of all of this is that none of the other pkce flows for internal authentication required this configuration. E.g., registration, magiclink, email and phone verification all worked with the OTP.
Supabase API reference for JavaScript: Exchange an auth code for a session
