supabase/supabase-js

refresh token fails on the expo mobile app using supabase-js

Closed this issue · 1 comments


Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

When using Supabase authentication and storage signed URLs in a React Native (Expo) app, the refresh token endpoint (/auth/v1/token?grant_type=refresh_token) consistently fails with network errors or 401 Unauthorized, even though the same signed URLs and tokens work perfectly in a browser. This causes all authenticated requests to fail, including playback of audio files and loading of images from Supabase Storage.

To Reproduce

Steps to reproduce the behavior:

  1. Log in to the app and obtain a valid session and refresh token.
  2. Wait for the access token to expire, triggering a refresh token request.
  3. Observe that the refresh token request to /auth/v1/token?grant_type=refresh_token fails with status code 0 or 401.
  4. Attempt to play an audio file or load an image from a Supabase Storage signed URL in the app—these requests fail, but the same URLs work in a browser.

Code snippet for refresh:

const { data, error } = await supabase.auth.refreshSession();

Code snippet for playback:

// This works in browser, fails in app
<AudioPlayer src={fullAudioUrl} />

Expected behavior

  • The refresh token endpoint should return a new access token if the refresh token is valid.
  • Signed URLs for Supabase Storage should work in the app as they do in the browser.
  • Authenticated requests should not fail with network errors or 401 if the session is valid.

Screenshots

  • [Include screenshots of network requests, error logs, and any relevant Reactotron or browser console output.]

System information

  • OS: macOS (Darwin 24.3.0)
  • Device: [e.g. iOS Simulator, Android Emulator, or physical device]
  • Browser (if applies): Chrome (works in browser)
  • Version of supabase-js: [e.g. 2.39.7]
  • Version of Node.js: [e.g. 18.16.0]
  • Expo SDK: [e.g. 49]
  • React Native: [e.g. 0.72]

Additional context

  • The Supabase project is running and not paused.
  • The same signed URLs and tokens work in the browser but not in the app.
  • The app is not behind a VPN or proxy when testing.
  • RLS is disabled on public tables, but this should not affect auth or storage.
  • The error persists after clearing storage and logging in again.

It turned out to be the iOS simulator issue, changed the simulator and it worked... closing this one
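
Added example, not part of the issue thread or of supabase-js: a JavaScript sketch that calls the refresh endpoint from the report directly and separates the "status code 0" case (no HTTP response at all, as with the simulator problem above) from a 401 where the server actually answered and refused the request. `classifyRefresh`, its return fields, the stub responders and every sample value are assumptions made for this sketch; the request shape (POST with an `apikey` header and a JSON `refresh_token` body) is assumed from the Supabase Auth REST API.

```javascript
// Added example, not supabase-js code. classifyRefresh, its return shape and
// the stub responders below are hypothetical names made up for this sketch.
async function classifyRefresh({ baseUrl, anonKey, refreshToken, fetchImpl = fetch }) {
  const url = `${baseUrl}/auth/v1/token?grant_type=refresh_token`;
  let res;
  try {
    res = await fetchImpl(url, {
      method: "POST",
      headers: { "Content-Type": "application/json", apikey: anonKey },
      body: JSON.stringify({ refresh_token: refreshToken }),
    });
  } catch (err) {
    // fetch rejected: no HTTP response arrived (the "status code 0" case).
    // The server never judged the token, so the stored session can be kept.
    return { kind: "transport", status: 0, retryable: true, detail: err.message };
  }
  if (res.ok) {
    const body = await res.json();
    // Record only whether a token came back, never the token itself.
    const detail = body.access_token ? "access token issued" : "no access_token in body";
    return { kind: "ok", status: res.status, retryable: false, detail };
  }
  if (res.status === 429 || res.status >= 500) {
    return { kind: "server", status: res.status, retryable: true, detail: "server-side or rate-limit failure" };
  }
  // Any other status (the 401 from the issue included): the server answered
  // and refused the request, so retrying the same token will not help.
  return { kind: "rejected", status: res.status, retryable: false, detail: "re-authenticate or check the API key" };
}

// Constructed stand-ins for fetch so the sketch runs offline.
const stubs = {
  networkDown: async () => { throw new TypeError("Network request failed"); },
  unauthorized: async () => ({ ok: false, status: 401, json: async () => ({}) }),
  refreshed: async () => ({ ok: true, status: 200, json: async () => ({ access_token: "constructed-value" }) }),
};

// Runs every stub through the classifier and returns the results by name.
async function demo() {
  const base = { baseUrl: "https://project-ref.example", anonKey: "constructed-anon-key", refreshToken: "constructed-refresh-token" };
  const out = {};
  for (const [name, fetchImpl] of Object.entries(stubs)) {
    out[name] = await classifyRefresh({ ...base, fetchImpl });
  }
  return out;
}
```

In an app, pass the platform's own `fetch` as `fetchImpl`; a `transport` result points at the device, simulator or network path rather than at the refresh token.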