Skip to content

fix(auth): respect user-provided auth options in createBrowserClient#167

Merged
mandarini merged 1 commit into
supabase:mainfrom
meck93:fix/auth-options-passthrough
Apr 8, 2026
Merged

fix(auth): respect user-provided auth options in createBrowserClient#167
mandarini merged 1 commit into
supabase:mainfrom
meck93:fix/auth-options-passthrough

Conversation

@meck93
Copy link
Copy Markdown
Contributor

@meck93 meck93 commented Mar 4, 2026
edited
Loading

Summary

  • createBrowserClient hardcodes autoRefreshToken, detectSessionInUrl, and persistSession after spreading options.auth, overwriting any caller-provided values
  • Use nullish coalescing (??) so explicit options are respected, falling back to current defaults (isBrowser() / true) when not set
  • Adds tests verifying passthrough of all three options

Fixes #108

@meck93 @claude
fix(auth): respect user-provided auth options in createBrowserClient
9255cd8 
autoRefreshToken, detectSessionInUrl, persistSession were hardcoded,
overwriting any user-provided options.auth.* values. Use nullish
coalescing to fall back to defaults only when not explicitly set.

Fixes supabase#108

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Mar 4, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: f7016364-fc54-4e48-837f-6bcda2fb637b

📥 Commits

Reviewing files that changed from the base of the PR and between ea85814 and 9255cd8.

📒 Files selected for processing (2)
  • src/createBrowserClient.spec.ts
  • src/createBrowserClient.ts
📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Browser client now supports configuration of authentication options, including automatic token refresh, session detection from URL parameters, and session persistence settings, with sensible defaults.

  • Tests

    • Added test coverage for authentication configuration options and default behavior validation.

Walkthrough

The PR addresses a bug where user-provided auth options were being ignored when creating a browser client. The createBrowserClient.ts now uses nullish coalescing to respect user-provided values for autoRefreshToken, detectSessionInUrl, and persistSession while maintaining browser-appropriate defaults when these options are not specified. Corresponding test coverage has been added to verify that these options are properly passed through to the client.

Assessment against linked issues

Objective Addressed Explanation
Respect autoRefreshToken: false in auth options [#108]
Respect detectSessionInUrl: false in auth options [#108]
Respect persistSession: false in auth options [#108]
Maintain browser-appropriate defaults when auth options not provided [#108]

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@meck93
Copy link
Copy Markdown
Contributor Author

meck93 commented Mar 4, 2026

@mandarini could you have a look at it? thanks!

@mandarini mandarini merged commit 5f04837 into supabase:main Apr 8, 2026
5 checks passed
@supabase-releaser supabase-releaser Bot mentioned this pull request Apr 8, 2026
Merged
mandarini pushed a commit that referenced this pull request Apr 8, 2026
@supabase-releaser
chore(main): release 0.10.1 (#195)
6f897b8 
🤖 I have created a release *beep* *boop*
---


## [0.10.1](v0.10.0...v0.10.1)
(2026-04-08)


### Bug Fixes

* **auth:** respect user-provided auth options in createBrowserClient
([#167](#167))
([5f04837](5f04837))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>
@supabase-supabase-autofixer supabase-supabase-autofixer Bot mentioned this pull request Apr 9, 2026
Merged
@mandarini mandarini mentioned this pull request May 4, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mandarini mandarini mandarini approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

autoRefreshSession: false does nothing with createBrowserClient

2 participants

@meck93 @mandarini