fix(realtime): setAuth not required on custom jwt token

When a custom jwt token is provided we no longer require setAuth to be called with the custom jwt

Author: filipecabaco

packages/core/supabase-js/src/SupabaseClient.ts

@@ -156,6 +156,11 @@ export default class SupabaseClient<
       accessToken: this._getAccessToken.bind(this),
       ...settings.realtime,
     })
+    if (this.accessToken) {
+      this.realtime.setAuth().catch((e) => {
+        console.warn('Failed to set initial Realtime auth token:', e)
+      })
+    }
     this.rest = new PostgrestClient(new URL('rest/v1', baseUrl).href, {
       headers: this.headers,
       schema: settings.db.schema,

packages/core/supabase-js/test/integration.test.ts

@@ -316,6 +316,52 @@ describe('Supabase Integration Tests', () => {
       expect(receivedMessage).toBeDefined()
       expect(supabase.realtime.getChannels().length).toBe(1)
     }, 10000)
+
+    test('should automatically set auth token when using custom JWT without manual setAuth()', async () => {
+      // Sign up a user with the normal client to get a real JWT token
+      await supabase.auth.signOut()
+      const email = `custom-jwt-${Date.now()}@example.com`
+      const password = 'password123'
+      const { data: signUpData } = await supabase.auth.signUp({ email, password })
+      expect(signUpData.session).toBeDefined()
+      const realJwtToken = signUpData.session!.access_token
+
+      const customJwtClient = createClient(SUPABASE_URL, ANON_KEY, {
+        accessToken: async () => realJwtToken,
+        realtime: {
+          heartbeatIntervalMs: 500,
+          ...(wsTransport && { transport: wsTransport }),
+        },
+      })
+
+      await new Promise((resolve) => setTimeout(resolve, 100))
+
+      expect((customJwtClient.realtime as any).accessTokenValue).toBe(realJwtToken)
+
+      const customChannelName = `custom-jwt-channel-${crypto.randomUUID()}`
+      const config = { broadcast: { self: true }, private: true }
+      const customChannel = customJwtClient.channel(customChannelName, { config })
+
+      expect((customChannel as any).joinPush.payload.access_token).toBe(realJwtToken)
+
+      let subscribed = false
+      let attempts = 0
+
+      customChannel.subscribe((status) => {
+        if (status == 'SUBSCRIBED') subscribed = true
+      })
+
+      while (!subscribed) {
+        if (attempts > 50) throw new Error('Timeout waiting for subscription')
+        await new Promise((resolve) => setTimeout(resolve, 100))
+        attempts++
+      }
+
+      expect(subscribed).toBe(true)
+      expect(customJwtClient.realtime.getChannels().length).toBe(1)
+
+      await customJwtClient.removeAllChannels()
+    }, 10000)
   })
 })
 

packages/core/supabase-js/test/unit/SupabaseClient.test.ts

@@ -259,6 +259,61 @@ describe('SupabaseClient', () => {
     })
 
     describe('Realtime Authentication', () => {
+      test('should automatically call setAuth() when accessToken option is provided', async () => {
+        const customToken = 'custom-jwt-token'
+        const customAccessTokenFn = jest.fn().mockResolvedValue(customToken)
+        const client = createClient(URL, KEY, { accessToken: customAccessTokenFn })
+
+        await new Promise((resolve) => setTimeout(resolve, 0))
+
+        expect((client.realtime as any).accessTokenValue).toBe(customToken)
+        expect(customAccessTokenFn).toHaveBeenCalled()
+      })
+
+      test('should automatically populate token in channels when using custom JWT', async () => {
+        const customToken = 'custom-channel-token'
+        const customAccessTokenFn = jest.fn().mockResolvedValue(customToken)
+        const client = createClient(URL, KEY, { accessToken: customAccessTokenFn })
+
+        await new Promise((resolve) => setTimeout(resolve, 0))
+
+        const channel = client.channel('test-channel')
+        channel.subscribe()
+
+        expect((channel as any).joinPush.payload.access_token).toBe(customToken)
+        expect((client.realtime as any).accessTokenValue).toBe(customToken)
+      })
+
+      test('should handle errors gracefully when accessToken callback fails', async () => {
+        const consoleWarnSpy = jest.spyOn(console, 'warn').mockImplementation(() => {})
+        const error = new Error('Token fetch failed')
+        const failingAccessTokenFn = jest.fn().mockRejectedValue(error)
+
+        const client = createClient(URL, KEY, { accessToken: failingAccessTokenFn })
+
+        await new Promise((resolve) => setTimeout(resolve, 0))
+
+        expect(consoleWarnSpy).toHaveBeenCalledWith(
+          'Failed to set initial Realtime auth token:',
+          error
+        )
+        expect(client).toBeDefined()
+        expect(client.realtime).toBeDefined()
+
+        consoleWarnSpy.mockRestore()
+      })
+
+      test('should not call setAuth() automatically in normal mode', async () => {
+        const client = createClient(URL, KEY)
+        const setAuthSpy = jest.spyOn(client.realtime, 'setAuth')
+
+        await new Promise((resolve) => setTimeout(resolve, 10))
+
+        expect(setAuthSpy).not.toHaveBeenCalled()
+
+        setAuthSpy.mockRestore()
+      })
+
       test('should provide access token to realtime client', async () => {
         const expectedToken = 'test-jwt-token'
         const client = createClient(URL, KEY)