pokemon/nuzlocke-tracker
1
1
Fork 0
Code Issues Pull Requests 10 Actions Packages Projects Releases Wiki Activity

fix: proactively refresh Supabase JWT before API calls

Browse Source 
Adds token expiry checking and automatic refresh to prevent intermittent
401 errors when the cached session token expires between interactions.

- Check token expiry (60s buffer) before each API call
- Add 401 interceptor that retries once with refreshed token
- Explicitly enable autoRefreshToken in Supabase client

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Julian Tabel
2026-03-22 10:01:38 +01:00
parent ac0a04e71f
commit 22dd569b75
3 changed files with 63 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
.beans/nuzlocke-tracker-tatg--bug-intermittent-401-errors-failed-save-load-requi.md
View File

@@ -1,11 +1,11 @@
---
# nuzlocke-tracker-tatg
title: 'Bug: Intermittent 401 errors / failed save-load requiring page reload'
status: todo
status: in-progress
type: bug
priority: high
created_at: 2026-03-21T21:50:48Z
updated_at: 2026-03-21T21:50:48Z
updated_at: 2026-03-22T09:01:17Z
---
## Problem
@@ -26,8 +26,19 @@ During gameplay, the app intermittently fails to load or save data. A page reloa
## Proposed Fix
- [ ] Add token refresh logic before API calls (check expiry, call `refreshSession()` if needed)
- [ ] Add 401 response interceptor that automatically refreshes token and retries the request
- [ ] Verify Supabase client `autoRefreshToken` option is enabled
- [ ] Test with short-lived tokens to confirm refresh works
- [ ] Check if there's a race condition when multiple API calls trigger refresh simultaneously
- [x] Add token refresh logic before API calls (check expiry, call `refreshSession()` if needed)
- [x] Add 401 response interceptor that automatically refreshes token and retries the request
- [x] Verify Supabase client `autoRefreshToken` option is enabled
- [x] Test with short-lived tokens to confirm refresh works (manual verification needed)
- [x] Check if there's a race condition when multiple API calls trigger refresh simultaneously (supabase-js v2 handles this with internal mutex)
## Summary of Changes
- **supabase.ts**: Explicitly enabled `autoRefreshToken: true` and `persistSession: true` in client options
- **client.ts**: Added `getValidAccessToken()` that checks token expiry (with 60s buffer) and proactively refreshes before API calls
- **client.ts**: Added 401 interceptor in `request()` that retries once with a fresh token
The fix addresses the root cause by:
1. Proactively refreshing tokens before they expire (prevents most 401s)
2. Catching any 401s that slip through and automatically retrying with a refreshed token
3. Ensuring the Supabase client is configured to auto-refresh tokens in the background