Skip to content

feat(auth): add sign-out reason capability#47

Merged
spydon merged 1 commit into
mainfrom
feat/auth-sign-out-reason
Jun 26, 2026
Merged

feat(auth): add sign-out reason capability#47
spydon merged 1 commit into
mainfrom
feat/auth-sign-out-reason

Conversation

@spydon

@spydon spydon commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

What

Adds a new canonical capability auth.session.sign_out_reason to the matrix, plus a spec at specs/auth/session/sign_out_reason.md.

The capability covers surfacing why a user was signed out on the sign-out auth event, so a listener can distinguish a voluntary sign-out from an involuntary one. The spec defines three SDK-agnostic, distinguishable cases:

  • user-initiated — the app explicitly called sign-out.
  • session-expired — the refresh token was rejected and the session was removed.
  • session-missing — a stored session could not be recovered.

Why

This was implemented in supabase-flutter (supabase/supabase-flutter#1453) but is not available in the other SDKs. It is worth tracking as a distinct, first-class capability across all SDKs rather than folding it into auth.session.subscribe_auth_events, so the matrix reflects parity (or the lack of it) for this specific behavior.

Notes

  • Naming of the reason values and how the reason is attached to the event are left as per-SDK implementation details; the spec only requires that the three cases are distinguishable by a listener.
  • The spec documents the cross-instance (e.g. broadcast-channel) caveat: a sign-out propagated between app instances may carry no reason.
  • Validated locally: npm run validate passes and the full vitest suite (136 tests) is green.

The Flutter sdk-compliance.yaml will be re-pointed from auth.session.subscribe_auth_events to this new id in supabase/supabase-flutter#1453.

Adds auth.session.sign_out_reason to the canonical matrix so SDKs can declare whether they surface why a user was signed out (user-initiated, session-expired, or session-missing) on the sign-out auth event.
@spydon spydon requested a review from a team as a code owner June 26, 2026 11:17
@spydon spydon merged commit 51a3abd into main Jun 26, 2026
3 checks passed
@spydon spydon deleted the feat/auth-sign-out-reason branch June 26, 2026 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants