fix(auth): replace trait with runtime configuration flag (#844)

grdsdev · claude · web-flow · commit e0bdfe897737 · 2025-11-03T09:58:35.000-03:00
* fix(auth): replace trait with runtime configuration flag Replaces the EmitLocalSessionAsInitialSession trait with a runtime configuration flag to resolve compatibility issues with Xcode projects and align with Apple's trait guidelines. ## Changes - Added `emitLocalSessionAsInitialSession: Bool` property to `AuthClient.Configuration` - Defaults to `false` for backward compatibility - Will change to `true` in next major release - Replaced conditional compilation (`#if EmitLocalSessionAsInitialSession`) with runtime checks - Updated deprecation warning to reference the new configuration option - Added tests for both behaviors (old and new) - Removed `EmitLocalSessionAsInitialSession` trait from Package@swift-6.1.swift ## Benefits - Works in all project types (Xcode, SPM, CocoaPods) - No recompilation required to change behavior - Better discoverability through autocomplete and docs - Complies with Apple's trait guidelines (traits must be strictly additive) ## Migration Users who want the new behavior can now set: ```swift AuthClient( // ... other config emitLocalSessionAsInitialSession: true ) ``` Resolves compatibility issues where Xcode projects cannot enable package traits. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> * fix(auth): add emitLocalSessionAsInitialSession to SupabaseClientOptions Adds support for the emitLocalSessionAsInitialSession flag in SupabaseClientOptions.AuthOptions so users can configure this behavior when creating a SupabaseClient. - Added emitLocalSessionAsInitialSession property to SupabaseClientOptions.AuthOptions - Updated both initializers to include the new parameter - Pass the flag through to AuthClient initialization in SupabaseClient This ensures users can configure the flag whether they create an AuthClient directly or use SupabaseClient. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
diff --git a/Package@swift-6.1.swift b/Package@swift-6.1.swift
diff --git a/Sources/Auth/AuthClient.swift b/Sources/Auth/AuthClient.swift
@@ -1393,7 +1393,7 @@ public actor AuthClient {
   }
 
   private func emitInitialSession(forToken token: ObservationToken) async {
-    #if EmitLocalSessionAsInitialSession
+    if configuration.emitLocalSessionAsInitialSession {
       guard let currentSession else {
         eventEmitter.emit(.initialSession, session: nil, token: token)
         return
@@ -1407,7 +1407,7 @@ public actor AuthClient {
           // No need to emit `tokenRefreshed` nor `signOut` event since the `refreshSession` does it already.
         }
       }
-    #else
+    } else {
       let session = try? await session
       eventEmitter.emit(.initialSession, session: session, token: token)
 
@@ -1417,16 +1417,16 @@ public actor AuthClient {
         reportIssue(
           """
           Initial session emitted after attempting to refresh the local stored session.
-          This is incorrect behavior and will be fixed in the next major release since it’s a breaking change.
-          For now, if you want to opt-in to the new behavior, add the trait `EmitLocalSessionAsInitialSession` to your Package.swift file when importing the Supabase dependency.
+          This is incorrect behavior and will be fixed in the next major release since it's a breaking change.
+          To opt-in to the new behavior now, set `emitLocalSessionAsInitialSession: true` in your AuthClient configuration.
           The new behavior ensures that the locally stored session is always emitted, regardless of its validity or expiration.
           If you rely on the initial session to opt users in, you need to add an additional check for `session.isExpired` in the session.
 
           Check https://github.com/supabase/supabase-swift/pull/822 for more information.
           """
         )
       }
-    #endif
+    }
   }
 
   nonisolated private func prepareForPKCE() -> (
diff --git a/Sources/Auth/AuthClientConfiguration.swift b/Sources/Auth/AuthClientConfiguration.swift
@@ -46,6 +46,16 @@ extension AuthClient {
     /// Set to `true` if you want to automatically refresh the token before expiring.
     public let autoRefreshToken: Bool
 
+    /// When `true`, emits the locally stored session immediately as the initial session,
+    /// regardless of its validity or expiration. When `false`, emits the initial session
+    /// after attempting to refresh the local stored session (legacy behavior).
+    ///
+    /// Default is `false` for backward compatibility. This will change to `true` in the next major release.
+    ///
+    /// - Note: If you rely on the initial session to opt users in, you need to add an additional
+    ///   check for `session.isExpired` when this is set to `true`.
+    public let emitLocalSessionAsInitialSession: Bool
+
     /// Initializes a AuthClient Configuration with optional parameters.
     ///
     /// - Parameters:
@@ -60,6 +70,7 @@ extension AuthClient {
     ///   - decoder: The JSON decoder to use for decoding responses.
     ///   - fetch: The asynchronous fetch handler for network requests.
     ///   - autoRefreshToken: Set to `true` if you want to automatically refresh the token before expiring.
+    ///   - emitLocalSessionAsInitialSession: When `true`, emits the locally stored session immediately as the initial session.
     public init(
       url: URL? = nil,
       headers: [String: String] = [:],
@@ -71,7 +82,8 @@ extension AuthClient {
       encoder: JSONEncoder = AuthClient.Configuration.jsonEncoder,
       decoder: JSONDecoder = AuthClient.Configuration.jsonDecoder,
       fetch: @escaping FetchHandler = { try await URLSession.shared.data(for: $0) },
-      autoRefreshToken: Bool = AuthClient.Configuration.defaultAutoRefreshToken
+      autoRefreshToken: Bool = AuthClient.Configuration.defaultAutoRefreshToken,
+      emitLocalSessionAsInitialSession: Bool = false
     ) {
       let headers = headers.merging(Configuration.defaultHeaders) { l, _ in l }
 
@@ -86,6 +98,7 @@ extension AuthClient {
       self.decoder = decoder
       self.fetch = fetch
       self.autoRefreshToken = autoRefreshToken
+      self.emitLocalSessionAsInitialSession = emitLocalSessionAsInitialSession
     }
   }
 
@@ -103,6 +116,7 @@ extension AuthClient {
   ///   - decoder: The JSON decoder to use for decoding responses.
   ///   - fetch: The asynchronous fetch handler for network requests.
   ///   - autoRefreshToken: Set to `true` if you want to automatically refresh the token before expiring.
+  ///   - emitLocalSessionAsInitialSession: When `true`, emits the locally stored session immediately as the initial session.
   public init(
     url: URL? = nil,
     headers: [String: String] = [:],
@@ -114,7 +128,8 @@ extension AuthClient {
     encoder: JSONEncoder = AuthClient.Configuration.jsonEncoder,
     decoder: JSONDecoder = AuthClient.Configuration.jsonDecoder,
     fetch: @escaping FetchHandler = { try await URLSession.shared.data(for: $0) },
-    autoRefreshToken: Bool = AuthClient.Configuration.defaultAutoRefreshToken
+    autoRefreshToken: Bool = AuthClient.Configuration.defaultAutoRefreshToken,
+    emitLocalSessionAsInitialSession: Bool = false
   ) {
     self.init(
       configuration: Configuration(
@@ -128,7 +143,8 @@ extension AuthClient {
         encoder: encoder,
         decoder: decoder,
         fetch: fetch,
-        autoRefreshToken: autoRefreshToken
+        autoRefreshToken: autoRefreshToken,
+        emitLocalSessionAsInitialSession: emitLocalSessionAsInitialSession
       )
     )
   }
diff --git a/Sources/Supabase/SupabaseClient.swift b/Sources/Supabase/SupabaseClient.swift
@@ -181,7 +181,8 @@ public final class SupabaseClient: Sendable {
         // DON'T use `fetchWithAuth` method within the AuthClient as it may cause a deadlock.
         try await options.global.session.data(for: $0)
       },
-      autoRefreshToken: options.auth.autoRefreshToken
+      autoRefreshToken: options.auth.autoRefreshToken,
+      emitLocalSessionAsInitialSession: options.auth.emitLocalSessionAsInitialSession
     )
 
     _realtime = UncheckedSendable(
diff --git a/Sources/Supabase/Types.swift b/Sources/Supabase/Types.swift
@@ -57,6 +57,13 @@ public struct SupabaseClientOptions: Sendable {
     /// Set to `true` if you want to automatically refresh the token before expiring.
     public let autoRefreshToken: Bool
 
+    /// When `true`, emits the locally stored session immediately as the initial session,
+    /// regardless of its validity or expiration. When `false`, emits the initial session
+    /// after attempting to refresh the local stored session (legacy behavior).
+    ///
+    /// Default is `false` for backward compatibility. This will change to `true` in the next major release.
+    public let emitLocalSessionAsInitialSession: Bool
+
     /// Optional function for using a third-party authentication system with Supabase. The function should return an access token or ID token (JWT) by obtaining it from the third-party auth client library.
     /// Note that this function may be called concurrently and many times. Use memoization and locking techniques if this is not supported by the client libraries.
     /// When set, the `auth` namespace of the Supabase client cannot be used.
@@ -71,6 +78,7 @@ public struct SupabaseClientOptions: Sendable {
       encoder: JSONEncoder = AuthClient.Configuration.jsonEncoder,
       decoder: JSONDecoder = AuthClient.Configuration.jsonDecoder,
       autoRefreshToken: Bool = AuthClient.Configuration.defaultAutoRefreshToken,
+      emitLocalSessionAsInitialSession: Bool = false,
       accessToken: (@Sendable () async throws -> String?)? = nil
     ) {
       self.storage = storage
@@ -80,6 +88,7 @@ public struct SupabaseClientOptions: Sendable {
       self.encoder = encoder
       self.decoder = decoder
       self.autoRefreshToken = autoRefreshToken
+      self.emitLocalSessionAsInitialSession = emitLocalSessionAsInitialSession
       self.accessToken = accessToken
     }
   }
@@ -173,6 +182,7 @@ extension SupabaseClientOptions.AuthOptions {
       encoder: JSONEncoder = AuthClient.Configuration.jsonEncoder,
       decoder: JSONDecoder = AuthClient.Configuration.jsonDecoder,
       autoRefreshToken: Bool = AuthClient.Configuration.defaultAutoRefreshToken,
+      emitLocalSessionAsInitialSession: Bool = false,
       accessToken: (@Sendable () async throws -> String?)? = nil
     ) {
       self.init(
@@ -183,6 +193,7 @@ extension SupabaseClientOptions.AuthOptions {
         encoder: encoder,
         decoder: decoder,
         autoRefreshToken: autoRefreshToken,
+        emitLocalSessionAsInitialSession: emitLocalSessionAsInitialSession,
         accessToken: accessToken
       )
     }
diff --git a/Tests/AuthTests/AuthClientTests.swift b/Tests/AuthTests/AuthClientTests.swift

Original file line number	Diff line number	Diff line change
`@@ -1393,7 +1393,7 @@ public actor AuthClient {`
`1393`	`1393`	`}`
`1394`	`1394`
`1395`	`1395`	`private func emitInitialSession(forToken token: ObservationToken) async {`
`1396`		`- #if EmitLocalSessionAsInitialSession`
	`1396`	`+ if configuration.emitLocalSessionAsInitialSession {`
`1397`	`1397`	`guard let currentSession else {`
`1398`	`1398`	`eventEmitter.emit(.initialSession, session: nil, token: token)`
`1399`	`1399`	`return`
`@@ -1407,7 +1407,7 @@ public actor AuthClient {`
`1407`	`1407`	// No need to emit `tokenRefreshed` nor `signOut` event since the `refreshSession` does it already.
`1408`	`1408`	`}`
`1409`	`1409`	`}`
`1410`		`- #else`
	`1410`	`+ } else {`
`1411`	`1411`	`let session = try? await session`
`1412`	`1412`	`eventEmitter.emit(.initialSession, session: session, token: token)`
`1413`	`1413`
`@@ -1417,16 +1417,16 @@ public actor AuthClient {`
`1417`	`1417`	`reportIssue(`
`1418`	`1418`	`"""`
`1419`	`1419`	`Initial session emitted after attempting to refresh the local stored session.`
`1420`		`- This is incorrect behavior and will be fixed in the next major release since it’s a breaking change.`
`1421`		- For now, if you want to opt-in to the new behavior, add the trait `EmitLocalSessionAsInitialSession` to your Package.swift file when importing the Supabase dependency.
	`1420`	`+ This is incorrect behavior and will be fixed in the next major release since it's a breaking change.`
	`1421`	+ To opt-in to the new behavior now, set `emitLocalSessionAsInitialSession: true` in your AuthClient configuration.
`1422`	`1422`	`The new behavior ensures that the locally stored session is always emitted, regardless of its validity or expiration.`
`1423`	`1423`	If you rely on the initial session to opt users in, you need to add an additional check for `session.isExpired` in the session.
`1424`	`1424`
`1425`	`1425`	`Check https://github.com/supabase/supabase-swift/pull/822 for more information.`
`1426`	`1426`	`"""`
`1427`	`1427`	`)`
`1428`	`1428`	`}`
`1429`		`- #endif`
	`1429`	`+ }`
`1430`	`1430`	`}`
`1431`	`1431`
`1432`	`1432`	`nonisolated private func prepareForPKCE() -> (`
Original file line number	Diff line number	Diff line change
`@@ -181,7 +181,8 @@ public final class SupabaseClient: Sendable {`
`181`	`181`	// DON'T use `fetchWithAuth` method within the AuthClient as it may cause a deadlock.
`182`	`182`	`try await options.global.session.data(for: $0)`
`183`	`183`	`},`
`184`		`- autoRefreshToken: options.auth.autoRefreshToken`
	`184`	`+ autoRefreshToken: options.auth.autoRefreshToken,`
	`185`	`+ emitLocalSessionAsInitialSession: options.auth.emitLocalSessionAsInitialSession`
`185`	`186`	`)`
`186`	`187`
`187`	`188`	`_realtime = UncheckedSendable(`