Logout should always reset the session.

supabase · May 9, 2024 · c869307 · c869307
1 parent 4b01556
commit c869307
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/Sources/Auth/AuthClient.swift b/Sources/Auth/AuthClient.swift
@@ -698,15 +698,24 @@ public final class AuthClient: Sendable {
   /// If using ``SignOutScope/others`` scope, no ``AuthChangeEvent/signedOut`` event is fired.
   /// - Parameter scope: Specifies which sessions should be logged out.
   public func signOut(scope: SignOutScope = .global) async throws {
-    do {
-      // Make sure we have a valid session.
-      _ = try await sessionManager.session()
+    let accessToken = currentSession?.accessToken
+
+    if scope != .others {
+        await sessionManager.remove()
+        eventEmitter.emit(.signedOut, session: nil)
+    }
+
+    guard let accessToken else {
+        throw AuthError.sessionNotFound
+    }
 
-      try await api.authorizedExecute(
+    do {
+      _ = try await api.execute(
         .init(
           url: configuration.url.appendingPathComponent("logout"),
           method: .post,
-          query: [URLQueryItem(name: "scope", value: scope.rawValue)]
+          query: [URLQueryItem(name: "scope", value: scope.rawValue)], 
+          headers: [.init(name: "Authorization", value: "Bearer \(accessToken)")]
         )
       )
     } catch {
@@ -720,11 +729,6 @@ public final class AuthClient: Sendable {
         throw error
       }
     }
-
-    if scope != .others {
-      await sessionManager.remove()
-      eventEmitter.emit(.signedOut, session: nil)
-    }
   }
 
   /// Log in an user given a User supplied OTP received via email.