https://supabase.com/ logo
#help
Title
# help
a

anand

01/06/2022, 10:41 AM
using discord oauth with supabase why isn't the access_token being sent as a query param?
k

ktosiek

01/06/2022, 11:00 AM
I guess the assumption is that you are authenticating from a JS client app, so the backend doesn't need the tokens.
x

xtc

01/06/2022, 11:14 AM
@User more often than not, tokens are usually sent as a fragment (#) to mitigate in any risk in the token ending up on logs (when sent as a query) as the fragment is stripped by the browser.
a

anand

01/06/2022, 11:15 AM
ah right
unsure how to go about this now i'm using sveltekit rn, and in my index.svelte i have a login button that calls
supabase.auth.signIn
(for discord oauth2). i then use a sveltekit endpoint as the callback after authorization, and in the endpoint i need the access token to fetch the user's data from discord itself, but as it's being sent as a fragment i'm not able to access them. calling
supabase.auth.session()
in the endpoint also seems to return null
x

xtc

01/06/2022, 11:18 AM
I haven't used sevltekit but I'm guessing you can just pull the token from the fragment, no?
in JS, this is
location.hash
k

ktosiek

01/06/2022, 11:19 AM
you'll need to push the tokens to your server on your own, preferably as POST body (to avoid dropping them into logs, as @User mentioned earlier)
a

anand

01/06/2022, 11:26 AM
alright, thanks 😄 i'll try both