Skip to content

Suppress self-recovering "JWT expired" errors from background Supabase client#39

Merged
jonbng merged 1 commit into
mainfrom
posthog-code/suppress-jwt-expired-error
Jul 12, 2026
Merged

Suppress self-recovering "JWT expired" errors from background Supabase client#39
jonbng merged 1 commit into
mainfrom
posthog-code/suppress-jwt-expired-error

Conversation

@posthog-eu

@posthog-eu posthog-eu Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

Adds a "JWT expired" / PGRST301 check to the non-actionable error filter in captureSupabaseError, mirroring the existing PGRST116 and Unauthorized suppressions.

When ensureSessionReady() fails to refresh an expired access token (revoked refresh_token, network), its catch block deliberately lets the request run anyway. PostgREST then rejects it with "JWT expired", which flowed unfiltered into error tracking. It's a self-recovering auth-transition state — the next request re-auths via the QR flow — so it just added noise and nibbled at PostHog free-tier quota.

Also has handleRpc call ensureSessionReady() like handleQuery/handleMutate do, so RPCs get the same proactive token refresh (previously they skipped it entirely, making them the most exposed path).

Why

A one-off "JWT expired" background-worker error was leaking into error tracking as noise (1 occurrence, 1 user, 0 sessions) with no filter to catch it.


Created with PostHog Code from an inbox report.

…e client

Add a "JWT expired" / PGRST301 guard to captureSupabaseError's
non-actionable filter set, alongside the existing PGRST116 and
Unauthorized suppressions. When ensureSessionReady() can't refresh an
expired access token (revoked refresh_token, network), it deliberately
lets the request run anyway, so PostgREST rejects it with "JWT expired".
That's a self-recovering auth-transition state — the next request
re-auths via the QR flow — not an actionable bug, so reporting it just
adds noise and burns PostHog free-tier quota.

Also have handleRpc call ensureSessionReady() like handleQuery and
handleMutate do, so RPCs get the same proactive token refresh (they were
the most exposed path, skipping the refresh entirely).

Generated-By: PostHog Code
Task-Id: 62ef8cc7-7657-4fb8-8eb0-bbac2e833512
@vercel

vercel Bot commented Jul 11, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
betterlectio Ready Ready Preview, Comment Jul 11, 2026 6:14pm
betterlectio-admin Ready Ready Preview, Comment Jul 11, 2026 6:14pm

@jonbng
jonbng marked this pull request as ready for review July 12, 2026 10:04
Copilot AI review requested due to automatic review settings July 12, 2026 10:04
@jonbng
jonbng merged commit d21f041 into main Jul 12, 2026
4 checks passed

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reduces background Supabase error-noise in PostHog by filtering out self-recovering “JWT expired” (PGRST301) errors in captureSupabaseError, and aligns the RPC path with query/mutate by proactively calling ensureSessionReady() before executing RPCs.

Changes:

  • Add isExpiredJwtError() and suppress matching errors in captureSupabaseError.
  • Call ensureSessionReady() in handleRpc() to refresh access tokens before RPC calls.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread entrypoints/background.ts
try {
if (isTransientNetworkError(error)) return;
if (isNonActionablePostgrestError(error)) return;
if (isExpiredJwtError(error)) return;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants