@supabase/auth-js 2.110.0-canary.0 → 2.110.1-canary.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/dist/main/GoTrueAdminApi.d.ts +1 -4
  2. package/dist/main/GoTrueAdminApi.d.ts.map +1 -1
  3. package/dist/main/GoTrueAdminApi.js +1 -4
  4. package/dist/main/GoTrueAdminApi.js.map +1 -1
  5. package/dist/main/GoTrueClient.d.ts +32 -19
  6. package/dist/main/GoTrueClient.d.ts.map +1 -1
  7. package/dist/main/GoTrueClient.js +61 -17
  8. package/dist/main/GoTrueClient.js.map +1 -1
  9. package/dist/main/lib/errors.d.ts +1 -1
  10. package/dist/main/lib/locks.d.ts +1 -1
  11. package/dist/main/lib/locks.js +1 -1
  12. package/dist/main/lib/types.d.ts +9 -9
  13. package/dist/main/lib/version.d.ts +1 -1
  14. package/dist/main/lib/version.js +1 -1
  15. package/dist/module/GoTrueAdminApi.d.ts +1 -4
  16. package/dist/module/GoTrueAdminApi.d.ts.map +1 -1
  17. package/dist/module/GoTrueAdminApi.js +1 -4
  18. package/dist/module/GoTrueAdminApi.js.map +1 -1
  19. package/dist/module/GoTrueClient.d.ts +32 -19
  20. package/dist/module/GoTrueClient.d.ts.map +1 -1
  21. package/dist/module/GoTrueClient.js +61 -17
  22. package/dist/module/GoTrueClient.js.map +1 -1
  23. package/dist/module/lib/errors.d.ts +1 -1
  24. package/dist/module/lib/locks.d.ts +1 -1
  25. package/dist/module/lib/locks.js +1 -1
  26. package/dist/module/lib/types.d.ts +9 -9
  27. package/dist/module/lib/version.d.ts +1 -1
  28. package/dist/module/lib/version.js +1 -1
  29. package/dist/tsconfig.module.tsbuildinfo +1 -1
  30. package/dist/tsconfig.tsbuildinfo +1 -1
  31. package/package.json +3 -3
  32. package/src/GoTrueAdminApi.ts +1 -4
  33. package/src/GoTrueClient.ts +71 -20
  34. package/src/lib/errors.ts +1 -1
  35. package/src/lib/locks.ts +1 -1
  36. package/src/lib/types.ts +9 -9
  37. package/src/lib/version.ts +1 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@supabase/auth-js",
3
- "version": "2.110.0-canary.0",
3
+ "version": "2.110.1-canary.0",
4
4
  "private": false,
5
5
  "description": "Official SDK for Supabase Auth",
6
6
  "keywords": [
@@ -51,7 +51,7 @@
51
51
  "build": "npm run build:main && npm run build:module",
52
52
  "build:main": "tsc -p tsconfig.json",
53
53
  "build:module": "tsc -p tsconfig.module.json",
54
- "docs": "typedoc src/index.ts --out docs/v2 --excludePrivate --excludeProtected",
55
- "docs:json": "typedoc --json docs/v2/spec.json --excludeExternals --excludePrivate --excludeProtected src/index.ts"
54
+ "docs": "typedoc --options ../../../typedoc.base.mjs src/index.ts --out docs/v2 --excludePrivate --excludeProtected",
55
+ "docs:json": "typedoc --options ../../../typedoc.base.mjs --json docs/v2/spec.json --excludeExternals --excludePrivate --excludeProtected src/index.ts"
56
56
  }
57
57
  }
@@ -257,10 +257,7 @@ export default class GoTrueAdminApi {
257
257
 
258
258
  /**
259
259
  * Generates email links and OTPs to be sent via a custom email provider.
260
- * @param email The user's email.
261
- * @param options.password User password. For signup only.
262
- * @param options.data Optional user metadata. For signup only.
263
- * @param options.redirectTo The redirect url which should be appended to the generated link
260
+ * @param params The parameters for generating the link, including the link `type`, the user's `email`, and type-specific options such as `password`, `data`, and `redirectTo`.
264
261
  *
265
262
  * @category Auth
266
263
  * @subcategory Auth Admin
@@ -323,6 +323,23 @@ export default class GoTrueClient {
323
323
  * Keep extra care to never reject or throw uncaught errors
324
324
  */
325
325
  protected initializePromise: Promise<InitializeResult> | null = null
326
+ /**
327
+ * Non-null only while `initialize()` is running. While open,
328
+ * `_notifyAllSubscribers` enqueues init-chain notifications (those fired with
329
+ * `broadcast = true`, i.e. from `_recoverAndRefresh`) into this array instead
330
+ * of firing directly, so that `initializePromise` is guaranteed to be
331
+ * resolved before any subscriber callback runs. Callbacks that call
332
+ * `getSession()` / `getUser()` etc. would otherwise deadlock because those
333
+ * methods await `initializePromise`. Notifications from the incoming
334
+ * BroadcastChannel handler (`broadcast = false`) are not enqueued — they fire
335
+ * immediately. Flushed (in order) by `initialize()` after `initializePromise`
336
+ * settles.
337
+ */
338
+ private _pendingInitNotifications: Array<{
339
+ event: AuthChangeEvent
340
+ session: Session | null
341
+ broadcast: boolean
342
+ }> | null = null
326
343
  protected detectSessionInUrl:
327
344
  | boolean
328
345
  | ((url: URL, params: { [parameter: string]: string }) => boolean) = true
@@ -584,6 +601,16 @@ export default class GoTrueClient {
584
601
  return await this.initializePromise
585
602
  }
586
603
 
604
+ // Open the notification queue before _initialize() runs so that every
605
+ // _notifyAllSubscribers call inside the init chain enqueues instead of
606
+ // firing. Without this, a callback receiving SIGNED_IN (or TOKEN_REFRESHED
607
+ // / SIGNED_OUT) during _recoverAndRefresh would deadlock if it called
608
+ // getSession() / getUser() — those methods await initializePromise, which
609
+ // can only resolve after the callback returns, which can only return after
610
+ // getSession() resolves. The queue is flushed below after initializePromise
611
+ // has settled, so callbacks run with a fully resolved initializePromise.
612
+ this._pendingInitNotifications = []
613
+
587
614
  this.initializePromise = (async () => {
588
615
  if (this.lock != null) {
589
616
  // TODO(v3): remove legacy lock path
@@ -594,7 +621,17 @@ export default class GoTrueClient {
594
621
  return await this._initialize()
595
622
  })()
596
623
 
597
- return await this.initializePromise
624
+ const result = await this.initializePromise
625
+
626
+ // initializePromise is now resolved — flush queued notifications in order.
627
+ // Callbacks can safely call getSession() / getUser() / signOut() etc.
628
+ const queue = this._pendingInitNotifications ?? []
629
+ this._pendingInitNotifications = null
630
+ for (const n of queue) {
631
+ await this._notifyAllSubscribers(n.event, n.session, n.broadcast)
632
+ }
633
+
634
+ return result
598
635
  }
599
636
 
600
637
  /**
@@ -2692,7 +2729,7 @@ export default class GoTrueClient {
2692
2729
  * to the client. If that storage is based on request cookies for example,
2693
2730
  * the values in it may not be authentic and therefore it's strongly advised
2694
2731
  * against using this method and its results in such circumstances. A warning
2695
- * will be emitted if this is detected. Use {@link #getUser()} instead.
2732
+ * will be emitted if this is detected. Use {@link GoTrueClient.getUser} instead.
2696
2733
  *
2697
2734
  * @category Auth
2698
2735
  *
@@ -2861,7 +2898,7 @@ export default class GoTrueClient {
2861
2898
  }
2862
2899
 
2863
2900
  /**
2864
- * Use instead of {@link #getSession} inside the library. Loads the session
2901
+ * Use instead of {@link GoTrueClient.getSession} inside the library. Loads the session
2865
2902
  * via `__loadSession` (which may trigger a refresh if the access token is
2866
2903
  * within the expiry margin) and runs `fn` with the result.
2867
2904
  */
@@ -2906,7 +2943,7 @@ export default class GoTrueClient {
2906
2943
  /**
2907
2944
  * NEVER USE DIRECTLY!
2908
2945
  *
2909
- * Always use {@link #_useSession}.
2946
+ * Always use `_useSession`.
2910
2947
  */
2911
2948
  private async __loadSession(): Promise<
2912
2949
  | {
@@ -5011,6 +5048,20 @@ export default class GoTrueClient {
5011
5048
  session: Session | null,
5012
5049
  broadcast = true
5013
5050
  ) {
5051
+ if (this._pendingInitNotifications !== null && broadcast) {
5052
+ // We're inside initialize() before initializePromise has resolved, and
5053
+ // this notification originates from the init chain (_recoverAndRefresh),
5054
+ // which always fires with broadcast = true. Enqueue instead of firing so
5055
+ // that callbacks can safely call getSession() / getUser() without
5056
+ // deadlocking on initializePromise.
5057
+ //
5058
+ // Notifications with broadcast = false come from the incoming
5059
+ // BroadcastChannel handler (a cross-tab event), not the init chain, so
5060
+ // they are fired immediately to preserve multi-tab ordering.
5061
+ this._pendingInitNotifications.push({ event, session, broadcast })
5062
+ return
5063
+ }
5064
+
5014
5065
  const debugName = `#_notifyAllSubscribers(${event})`
5015
5066
  this._debug(debugName, 'begin', session, `broadcast = ${broadcast}`)
5016
5067
 
@@ -5114,8 +5165,8 @@ export default class GoTrueClient {
5114
5165
  /**
5115
5166
  * Removes any registered visibilitychange callback.
5116
5167
  *
5117
- * {@see #startAutoRefresh}
5118
- * {@see #stopAutoRefresh}
5168
+ * {@link GoTrueClient.startAutoRefresh}
5169
+ * {@link GoTrueClient.stopAutoRefresh}
5119
5170
  */
5120
5171
  private _removeVisibilityChangedCallback() {
5121
5172
  this._debug('#_removeVisibilityChangedCallback()')
@@ -5133,7 +5184,7 @@ export default class GoTrueClient {
5133
5184
  }
5134
5185
 
5135
5186
  /**
5136
- * This is the private implementation of {@link #startAutoRefresh}. Use this
5187
+ * This is the private implementation of {@link GoTrueClient.startAutoRefresh}. Use this
5137
5188
  * within the library.
5138
5189
  */
5139
5190
  private async _startAutoRefresh() {
@@ -5179,7 +5230,7 @@ export default class GoTrueClient {
5179
5230
  }
5180
5231
 
5181
5232
  /**
5182
- * This is the private implementation of {@link #stopAutoRefresh}. Use this
5233
+ * This is the private implementation of {@link GoTrueClient.stopAutoRefresh}. Use this
5183
5234
  * within the library.
5184
5235
  */
5185
5236
  private async _stopAutoRefresh() {
@@ -5220,7 +5271,7 @@ export default class GoTrueClient {
5220
5271
  * platform's foreground indication mechanism and call these methods
5221
5272
  * appropriately to conserve resources.
5222
5273
  *
5223
- * {@see #stopAutoRefresh}
5274
+ * {@link GoTrueClient.stopAutoRefresh}
5224
5275
  *
5225
5276
  * @category Auth
5226
5277
  *
@@ -5255,7 +5306,7 @@ export default class GoTrueClient {
5255
5306
  * If you call this method any managed visibility change callback will be
5256
5307
  * removed and you must manage visibility changes on your own.
5257
5308
  *
5258
- * See {@link #startAutoRefresh} for more details.
5309
+ * See {@link GoTrueClient.startAutoRefresh} for more details.
5259
5310
  *
5260
5311
  * @category Auth
5261
5312
  *
@@ -5577,7 +5628,7 @@ export default class GoTrueClient {
5577
5628
  }
5578
5629
 
5579
5630
  /**
5580
- * {@see GoTrueMFAApi#enroll}
5631
+ * {@link GoTrueMFAApi#enroll}
5581
5632
  */
5582
5633
  private async _enroll(params: MFAEnrollTOTPParams): Promise<AuthMFAEnrollTOTPResponse>
5583
5634
  private async _enroll(params: MFAEnrollPhoneParams): Promise<AuthMFAEnrollPhoneResponse>
@@ -5624,7 +5675,7 @@ export default class GoTrueClient {
5624
5675
  }
5625
5676
 
5626
5677
  /**
5627
- * {@see GoTrueMFAApi#verify}
5678
+ * {@link GoTrueMFAApi#verify}
5628
5679
  */
5629
5680
  private async _verify(params: MFAVerifyTOTPParams): Promise<AuthMFAVerifyResponse>
5630
5681
  private async _verify(params: MFAVerifyPhoneParams): Promise<AuthMFAVerifyResponse>
@@ -5713,7 +5764,7 @@ export default class GoTrueClient {
5713
5764
  }
5714
5765
 
5715
5766
  /**
5716
- * {@see GoTrueMFAApi#challenge}
5767
+ * {@link GoTrueMFAApi#challenge}
5717
5768
  */
5718
5769
  private async _challenge(
5719
5770
  params: MFAChallengeTOTPParams
@@ -5808,7 +5859,7 @@ export default class GoTrueClient {
5808
5859
  }
5809
5860
 
5810
5861
  /**
5811
- * {@see GoTrueMFAApi#challengeAndVerify}
5862
+ * {@link GoTrueMFAApi#challengeAndVerify}
5812
5863
  */
5813
5864
  private async _challengeAndVerify(
5814
5865
  params: MFAChallengeAndVerifyParams
@@ -5828,7 +5879,7 @@ export default class GoTrueClient {
5828
5879
  }
5829
5880
 
5830
5881
  /**
5831
- * {@see GoTrueMFAApi#listFactors}
5882
+ * {@link GoTrueMFAApi#listFactors}
5832
5883
  */
5833
5884
  private async _listFactors(): Promise<AuthMFAListFactorsResponse> {
5834
5885
  const {
@@ -5861,7 +5912,7 @@ export default class GoTrueClient {
5861
5912
  }
5862
5913
 
5863
5914
  /**
5864
- * {@see GoTrueMFAApi#getAuthenticatorAssuranceLevel}
5915
+ * {@link GoTrueMFAApi#getAuthenticatorAssuranceLevel}
5865
5916
  */
5866
5917
  private async _getAuthenticatorAssuranceLevel(
5867
5918
  jwt?: string
@@ -6209,15 +6260,15 @@ export default class GoTrueClient {
6209
6260
  * Extracts the JWT claims present in the access token by first verifying the
6210
6261
  * JWT against the server's JSON Web Key Set endpoint
6211
6262
  * `/.well-known/jwks.json` which is often cached, resulting in significantly
6212
- * faster responses. Prefer this method over {@link #getUser} which always
6263
+ * faster responses. Prefer this method over {@link GoTrueClient.getUser} which always
6213
6264
  * sends a request to the Auth server for each JWT.
6214
6265
  *
6215
6266
  * If the project is not using an asymmetric JWT signing key (like ECC or
6216
- * RSA) it always sends a request to the Auth server (similar to {@link
6217
- * #getUser}) to verify the JWT.
6267
+ * RSA) it always sends a request to the Auth server (similar to
6268
+ * {@link GoTrueClient.getUser}) to verify the JWT.
6218
6269
  *
6219
6270
  * @param jwt An optional specific JWT you wish to verify, not the one you
6220
- * can obtain from {@link #getSession}.
6271
+ * can obtain from {@link GoTrueClient.getSession}.
6221
6272
  * @param options Various additional options that allow you to customize the
6222
6273
  * behavior of this method.
6223
6274
  *
package/src/lib/errors.ts CHANGED
@@ -16,7 +16,7 @@ export class AuthError extends Error {
16
16
  * Error code associated with the error. Most errors coming from
17
17
  * HTTP responses will have a code, though some errors that occur
18
18
  * before a response is received will not have one present. In that
19
- * case {@link #status} will also be undefined.
19
+ * case {@link AuthError.status} will also be undefined.
20
20
  */
21
21
  code: ErrorCode | (string & {}) | undefined
22
22
 
package/src/lib/locks.ts CHANGED
@@ -302,7 +302,7 @@ const PROCESS_LOCKS: { [name: string]: Promise<any> } = {}
302
302
  * Useful for environments like React Native or other non-browser
303
303
  * single-process (i.e. no concept of "tabs") environments.
304
304
  *
305
- * Use {@link #navigatorLock} in browser environments.
305
+ * Use {@link navigatorLock} in browser environments.
306
306
  *
307
307
  * @param name Name of the lock to be acquired.
308
308
  * @param acquireTimeout If negative, no timeout. If 0 an error is thrown if
package/src/lib/types.ts CHANGED
@@ -228,7 +228,7 @@ export type RequestResult<T, ErrorType extends Error = AuthError> =
228
228
 
229
229
  /**
230
230
  * similar to RequestResult except it allows you to destructure the possible shape of the success response
231
- * {@see RequestResult}
231
+ * {@link RequestResult}
232
232
  */
233
233
  export type RequestResultSafeDestructure<T> =
234
234
  | { data: T; error: null }
@@ -251,7 +251,7 @@ export type AuthResponsePassword = RequestResultSafeDestructure<{
251
251
  /**
252
252
  * AuthOtpResponse is returned when OTP is used.
253
253
  *
254
- * {@see AuthResponse}
254
+ * {@link AuthResponse}
255
255
  */
256
256
  export type AuthOtpResponse = RequestResultSafeDestructure<{
257
257
  user: null
@@ -407,7 +407,7 @@ type FactorVerificationStatus = (typeof FactorVerificationStatuses)[number]
407
407
  *
408
408
  * @see {@link GoTrueMFAApi#enroll}
409
409
  * @see {@link GoTrueMFAApi#listFactors}
410
- * @see {@link GoTrueMFAAdminApi#listFactors}
410
+ * @see {@link GoTrueAdminMFAApi#listFactors}
411
411
  */
412
412
  export type Factor<
413
413
  Type extends FactorType = FactorType,
@@ -1691,14 +1691,14 @@ export interface GoTrueMFAApi {
1691
1691
  }
1692
1692
 
1693
1693
  /**
1694
- * @expermental
1694
+ * @experimental
1695
1695
  */
1696
1696
  export type AuthMFAAdminDeleteFactorResponse = RequestResult<{
1697
1697
  /** ID of the factor that was successfully deleted. */
1698
1698
  id: string
1699
1699
  }>
1700
1700
  /**
1701
- * @expermental
1701
+ * @experimental
1702
1702
  */
1703
1703
  export type AuthMFAAdminDeleteFactorParams = {
1704
1704
  /** ID of the MFA factor to delete. */
@@ -1709,7 +1709,7 @@ export type AuthMFAAdminDeleteFactorParams = {
1709
1709
  }
1710
1710
 
1711
1711
  /**
1712
- * @expermental
1712
+ * @experimental
1713
1713
  */
1714
1714
  export type AuthMFAAdminListFactorsResponse = RequestResult<{
1715
1715
  /** All factors attached to the user. */
@@ -1717,7 +1717,7 @@ export type AuthMFAAdminListFactorsResponse = RequestResult<{
1717
1717
  }>
1718
1718
 
1719
1719
  /**
1720
- * @expermental
1720
+ * @experimental
1721
1721
  */
1722
1722
  export type AuthMFAAdminListFactorsParams = {
1723
1723
  /** ID of the user. */
@@ -1727,7 +1727,7 @@ export type AuthMFAAdminListFactorsParams = {
1727
1727
  /**
1728
1728
  * Contains the full multi-factor authentication administration API.
1729
1729
  *
1730
- * @expermental
1730
+ * @experimental
1731
1731
  */
1732
1732
  export interface GoTrueAdminMFAApi {
1733
1733
  /**
@@ -1769,7 +1769,7 @@ export interface GoTrueAdminMFAApi {
1769
1769
  *
1770
1770
  * @see {@link GoTrueMFAApi#unenroll}
1771
1771
  *
1772
- * @expermental
1772
+ * @experimental
1773
1773
  *
1774
1774
  * @category Auth
1775
1775
  * @subcategory Auth Admin
@@ -4,4 +4,4 @@
4
4
  // - Debugging and support (identifying which version is running)
5
5
  // - Telemetry and logging (version reporting in errors/analytics)
6
6
  // - Ensuring build artifacts match the published package version
7
- export const version = '2.110.0-canary.0'
7
+ export const version = '2.110.1-canary.0'