breaking: only allow pkce auth flow

README.md

@@ -171,7 +171,7 @@ event.locals.cookie_options
 ### Supabase client options
 Pass in an object of `SupabaseClientOptions`, with a couple of exceptions, as the third parameter to `createBrowserClient`.
 
-Supakit does not support a custom `storageKey`, or passing in `auth` options except `flowType`.
+Supakit does not support a custom `storageKey`, or passing in `auth` options except `storage`.
 
 Example:
 ```ts
@@ -190,7 +190,7 @@ export const supabase = createBrowserClient<Database>(
       }
     },
     auth: {
-      flowType: 'pkce'
+      storage: yourCustomStorage
     }
   }
 )

src/lib/browser/client.ts

@@ -1,27 +1,33 @@
-import { createClient, type SupabaseClient } from '@supabase/supabase-js'
+import { createClient, type SupabaseClient, type SupportedStorage } from '@supabase/supabase-js'
 import { CookieStorage } from './storage.js'
 import { setCookieOptions } from '../config/index.js'
-import type { SupabaseClientOptionsWithOnlyAuthFlowType, SecureCookieOptions } from '../types/index.js'
+import type { SupabaseClientOptionsWithoutAuth, SecureCookieOptions, GenericSchema } from '../types/index.js'
 
+/* mostly from @supabase/supabase-js */
 export const createBrowserClient = <
   Database = any,
   SchemaName extends string & keyof Database = 'public' extends keyof Database
     ? 'public'
-    : string & keyof Database
->(supabaseUrl: string, supabaseKey: string, options?: SupabaseClientOptionsWithOnlyAuthFlowType, cookie_options?: SecureCookieOptions): SupabaseClient<Database, SchemaName> => {
+    : string & keyof Database,
+  Schema extends GenericSchema = Database[SchemaName] extends GenericSchema
+    ? Database[SchemaName]
+    : any
+>(
+  supabaseUrl: string,
+  supabaseKey: string,
+  options?: SupabaseClientOptionsWithoutAuth<SchemaName> & { 
+    auth: {
+      storage: SupportedStorage
+    }
+  },
+  cookie_options?: SecureCookieOptions
+): SupabaseClient<Database, SchemaName> => {
   if (cookie_options) setCookieOptions(cookie_options)
-  const client = createClient<Database, SchemaName>(supabaseUrl, supabaseKey, {
+  return createClient<Database, SchemaName, Schema>(supabaseUrl, supabaseKey, {
     ...options,
-    global: {
-      ...options?.global,
-      headers: {
-        ...options?.global?.headers,
-        'X-Client-Info': '[email protected]'
-      }
-    },
     auth: {
-      storage: CookieStorage
+      storage: options?.auth.storage ?? CookieStorage,
+      flowType: 'pkce'
     }
   })
-  return client
 }

src/lib/types/index.d.ts

@@ -6,15 +6,6 @@ import type { Handle } from '@sveltejs/kit'
 export type CookieOptions = {[key: string]: any}
 export type SecureCookieOptions = Omit<CookieSerializeOptions, "httpOnly">
 export type StateChangeCallback = ({ event, session }: { event: AuthChangeEvent, session: Session | null }) => Promise<type> | void
-export type SupabaseClientOptionsWithOnlyAuthFlowType = Omit<SupabaseClientOptions<SchemaName>, 'auth'> & {
-  auth?: { flowType?: AuthFlowType }
-}
-export function createBrowserClient<
-  Database = any,
-  SchemaName extends string & keyof Database = 'public' extends keyof Database
-    ? 'public'
-    : string & keyof Database
->(supabaseUrl: string, supabaseKey: string, options?: SupabaseClientOptionsWithOnlyAuthFlowType, cookie_options?: SecureCookieOptions): SupabaseClient<Database, SchemaName>
 export function supabaseAuthStateChange(
   client: SupabaseClient,
   store?: Writable<Session | null> | null, 
@@ -27,3 +18,23 @@ export function setCookieOptions({}: CookieSerializeOptions): void
 export const CookieStorage: SupportedStorage
 export const supakit: Handle
 export const supakitLite: Handle
+
+/* from @supabase/supabase-js */
+export type SupabaseClientOptionsWithoutAuth<SchemaName = 'public'> = Omit<
+	SupabaseClientOptions<SchemaName>,
+	'auth'
+>
+export type GenericSchema = {
+  Tables: Record<string, GenericTable>
+  Views: Record<string, GenericView>
+  Functions: Record<string, GenericFunction>
+}
+export function createBrowserClient<
+  Database = any,
+  SchemaName extends string & keyof Database = 'public' extends keyof Database
+    ? 'public'
+    : string & keyof Database,
+  Schema extends GenericSchema = Database[SchemaName] extends GenericSchema
+    ? Database[SchemaName]
+    : any
+>(supabaseUrl: string, supabaseKey: string, options?: SupabaseClientOptionsWithoutAuth, cookie_options?: SecureCookieOptions): SupabaseClient<Database, SchemaName>