Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings
Discussion options

seanboehnke
Feb 26, 2024

My team has found an issue where authorization with supabase gets a handshake error but we are having a hard time reproducing. The two people that have had the issue are both on Mountain time...which leads me to think it may be a time zone issue. I have tried using a VPN to reproduce the issue but with no luck. The users with the issue are able to get around it if they use a VPN. Here is the error we get:

TlsException: Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: UNITYTLS_X509VERIFY_NOT_DONE
  at Mono.Unity.Debug.CheckAndThrow (Mono.Unity.UnityTls+unitytls_errorstate errorState, Mono.Unity.UnityTls+unitytls_x509verify_result verifyResult, System.String context, Mono.Security.Interface.AlertDescription defaultAlert) [0x00036] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at Mono.Unity.UnityTlsContext.ProcessHandshake () [0x00082] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool)
  at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in <6bb3336e864c4ab48c43a2538573e586>:0 
Rethrow as AuthenticationException: Authentication failed, see inner exception.
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x00262] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at Mono.Net.Security.MonoTlsStream.CreateStream (System.Net.WebConnectionTunnel tunnel, System.Threading.CancellationToken cancellationToken) [0x0016a] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x001ba] in <6bb3336e864c4ab48c43a2538573e586>:0 
Rethrow as WebException: Error: SecureChannelFailure (Authentication failed, see inner exception.)
  at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x0021a] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.WebConnection.InitConnection (System.Net.WebOperation operation, System.Threading.CancellationToken cancellationToken) [0x00141] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.WebOperation.Run () [0x0009a] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.WebCompletionSource``1[T].WaitForCompletion () [0x00094] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.HttpWebRequest.RunWithTimeoutWorker[T] (System.Threading.Tasks.Task``1[TResult] workerTask, System.Int32 timeout, System.Action abort, System.Func``1[TResult] aborted, System.Threading.CancellationTokenSource cts) [0x000f8] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.Http.MonoWebRequestHandler.SendAsync (System.Net.Http.HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) [0x00378] in <fdf53110115a4a20a062bcf2ecb4a3c9>:0 
Rethrow as HttpRequestException: An error occurred while sending the request
  at System.Net.Http.MonoWebRequestHandler.SendAsync (System.Net.Http.HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) [0x00509] in <fdf53110115a4a20a062bcf2ecb4a3c9>:0 
  at System.Net.Http.HttpClient.SendAsyncWorker (System.Net.Http.HttpRequestMessage request, System.Net.Http.HttpCompletionOption completionOption, System.Threading.CancellationToken cancellationToken) [0x000e8] in <fdf53110115a4a20a062bcf2ecb4a3c9>:0 
  at Supabase.Functions.Client.HandleRequest (System.String url, System.String token, Supabase.Functions.Client+InvokeFunctionOptions options) [0x001e3] in <3e0c6dc7a762481390541dccc1ca3c02>:0 
  at Supabase.Functions.Client.Invoke (System.String functionName, System.String token, Supabase.Functions.Client+InvokeFunctionOptions options) [0x00093] in <3e0c6dc7a762481390541dccc1ca3c02>:0 
  at Blocs.ActiveProfileBloc+<>c__DisplayClass10_0.<SignInWithSteam>b__0 (Supabase.Client supabase) [0x000fb] in <ac70c9b374b54d209a48dc97cd5d9205>:0 
  at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__7_0 (System.Object state) [0x00000] in <6aa56e57ab504395b555cf3ed50fa53d>:0 
  at UnityEngine.UnitySynchronizationContext+WorkRequest.Invoke () [0x00002] in <f942ac1a0e36493c88c6d7ed3b664d7d>:0 
  at UnityEngine.UnitySynchronizationContext.Exec () [0x0005d] in <f942ac1a0e36493c88c6d7ed3b664d7d>:0 
  at UnityEngine.UnitySynchronizationContext.ExecuteTasks () [0x00014] in <f942ac1a0e36493c88c6d7ed3b664d7d>:0
You must be logged in to vote

Replies: 5 comments · 23 replies

Comment options

acupofjose
Feb 26, 2024

Based on:

 at Supabase.Functions.Client.HandleRequest (System.String url, System.String token, Supabase.Functions.Client+InvokeFunctionOptions options) [0x001e3] in <3e0c6dc7a762481390541dccc1ca3c02>:0 
  at Supabase.Functions.Client.Invoke (System.String functionName, System.String token, Supabase.Functions.Client+InvokeFunctionOptions options) [0x00093] in <3e0c6dc7a762481390541dccc1ca3c02>:0

It looks like it could be an issue with a supabase function that's being called...
Are you using a hosted supabase instance? Or a self-hosted one?
You must be logged in to vote
11 replies
@wiverson
Comment options

wiverson Feb 27, 2024
Maintainer

WRT to testing the access, I would add the hello or timestamp pingback request before you call your auth method.

Try adding some debug tracing before and after the steamResponse fetch and parsedData lines. If you have the specific ID info for the failing clients I would see if you can capture the complete req you have coming in to Deno.serve as well. Add logging or debug to the Deno.serve top level as well to see what you can get out.

The lines that are jumping out at me just looking at it are the Authorization coming from the request and then passing directly in to the steamResponse fetch. That fetch is happening in the Deno.serve, so if something goes wrong it's going to pop it up to the top level.

In this scenario I think what would happen is the steamResponse fails with an auth rejection, then it passes it to the Deno.serve which in turn passes that up to your client.

FWIW I don't think this has much to do with supabase-csharp but now it's a mystery... :)
@seanboehnke
Comment options

seanboehnke Feb 28, 2024
Author

I was able to push a dev build and have found that the "SignInWithSteam" portion in that error log is on the line where I do the following:

var response = JsonConvert.DeserializeObject<SteamVerificationResponse>(
    await supabase.Functions.Invoke(
        "steam-verify",
        _supabaseBloc.SupabaseSettings.SupabaseAnonKey,
        new InvokeFunctionOptions
        {
            Body = new Dictionary<string, object>
            {
                ["steamDisplayName"] = steamUser.Name,
                ["steamFriendCode"] = steamUser.FriendCode,
                ["steamId"] = steamUser.SteamId,
                ["authTicket"] = authTicket
            }
        }));

The supabase object is an instance of a Supabase.Client. It appears it blows up on the Invoke. However, the supabase logs actually show the successful authentication with valid data (from the auth.txt I posted before...the actual file is called steam-verify) ...which is very confusing.

TlsException: Handshake failed - error code: UNITYTLS_INTERNAL_ERROR, verify result: UNITYTLS_X509VERIFY_NOT_DONE
  at Mono.Unity.Debug.CheckAndThrow (Mono.Unity.UnityTls+unitytls_errorstate errorState, Mono.Unity.UnityTls+unitytls_x509verify_result verifyResult, System.String context, Mono.Security.Interface.AlertDescription defaultAlert) [0x00036] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at Mono.Unity.UnityTlsContext.ProcessHandshake () [0x00082] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000da] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool)
  at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000fc] in <6bb3336e864c4ab48c43a2538573e586>:0 
Rethrow as AuthenticationException: Authentication failed, see inner exception.
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessAuthentication (System.Boolean runSynchronously, Mono.Net.Security.MonoSslAuthenticationOptions options, System.Threading.CancellationToken cancellationToken) [0x00262] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at Mono.Net.Security.MonoTlsStream.CreateStream (System.Net.WebConnectionTunnel tunnel, System.Threading.CancellationToken cancellationToken) [0x0016a] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x001ba] in <6bb3336e864c4ab48c43a2538573e586>:0 
Rethrow as WebException: Error: SecureChannelFailure (Authentication failed, see inner exception.)
  at System.Net.WebConnection.CreateStream (System.Net.WebOperation operation, System.Boolean reused, System.Threading.CancellationToken cancellationToken) [0x0021a] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.WebConnection.InitConnection (System.Net.WebOperation operation, System.Threading.CancellationToken cancellationToken) [0x00141] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.WebOperation.Run () [0x0009a] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.WebCompletionSource``1[T].WaitForCompletion () [0x00094] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.HttpWebRequest.RunWithTimeoutWorker[T] (System.Threading.Tasks.Task``1[TResult] workerTask, System.Int32 timeout, System.Action abort, System.Func``1[TResult] aborted, System.Threading.CancellationTokenSource cts) [0x000f8] in <6bb3336e864c4ab48c43a2538573e586>:0 
  at System.Net.Http.MonoWebRequestHandler.SendAsync (System.Net.Http.HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) [0x00378] in <fdf53110115a4a20a062bcf2ecb4a3c9>:0 
Rethrow as HttpRequestException: An error occurred while sending the request
  at System.Net.Http.MonoWebRequestHandler.SendAsync (System.Net.Http.HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) [0x00509] in <fdf53110115a4a20a062bcf2ecb4a3c9>:0 
  at System.Net.Http.HttpClient.SendAsyncWorker (System.Net.Http.HttpRequestMessage request, System.Net.Http.HttpCompletionOption completionOption, System.Threading.CancellationToken cancellationToken) [0x000e8] in <fdf53110115a4a20a062bcf2ecb4a3c9>:0 
  at Supabase.Functions.Client.HandleRequest (System.String url, System.String token, Supabase.Functions.Client+InvokeFunctionOptions options) [0x001e3] in <3e0c6dc7a762481390541dccc1ca3c02>:0 
  at Supabase.Functions.Client.Invoke (System.String functionName, System.String token, Supabase.Functions.Client+InvokeFunctionOptions options) [0x00093] in <3e0c6dc7a762481390541dccc1ca3c02>:0 
  at Blocs.ActiveProfileBloc+<>c__DisplayClass10_0.<SignInWithSteam>b__0 (Supabase.Client supabase) [0x000d3] in C:\Users\sean.boehnke_lan-par\Documents\repos\lan-party\packages\lan-party\Assets\Blocs\ActiveProfile\ActiveProfile.cs:57 
  at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__7_0 (System.Object state) [0x00000] in <6aa56e57ab504395b555cf3ed50fa53d>:0 
  at UnityEngine.UnitySynchronizationContext+WorkRequest.Invoke () [0x00002] in C:\build\output\unity\unity\Runtime\Export\Scripting\UnitySynchronizationContext.cs:153 
  at UnityEngine.UnitySynchronizationContext.Exec () [0x0005d] in C:\build\output\unity\unity\Runtime\Export\Scripting\UnitySynchronizationContext.cs:83 
  at UnityEngine.UnitySynchronizationContext.ExecuteTasks () [0x00014] in C:\build\output\unity\unity\Runtime\Export\Scripting\UnitySynchronizationContext.cs:107 `
@seanboehnke
Comment options

seanboehnke Feb 29, 2024
Author

I don't understand why the Invoke would work to the point that supabase gets the logs from the steam-verify edge function like it completes successfully but this error occurs anyways...I would expect a different error if it is during the deserialize call.
@seanboehnke
Comment options

seanboehnke Feb 29, 2024
Author

I confirmed that I get this error if I move the Invoke outside of the deserialize code...so the issue doesn't involve the deserialize.
@seanboehnke
Comment options

seanboehnke Mar 4, 2024
Author

@wiverson or @acupofjose Do you have any ideas on this with the new info?
Comment options

wiverson
Mar 4, 2024
Maintainer

My two cents - either there is something weirdly wrong with the Unity TLS (eg the stuff in an earlier post) or there is something weird about the incoming data interacting with the function. At this point I think you're looking at having to figure out either how to recreate using deeper and deeper logging to get every scrap of input and output and/or attaching a debugger to a test server. I'm leaning toward it not being the Unity TLS stuff as it would presumably affect other things, but if it's only this one function that points to something about the function and the data.
You must be logged in to vote
2 replies
@acupofjose
Comment options

acupofjose Mar 4, 2024

Unity is out of my wheelhouse personally, but I agree with @wiverson that it'd be odd for it to blow up in this case and only this case. Since your supabase logs show a successful authentication with steam and it blows up afterwards I'm also inclined to say it's a issue with the data being returned.

But I don't understand why Unity would say it's a TLS error if that's the case.... Nor do I understand why Unity would throw the TLS error and the request be sent to the supabase servers too. All I have is a 🤷 as an answer unfortunately.
@wiverson
Comment options

wiverson Mar 4, 2024
Maintainer

RE Unity and the TLS, well... umm... Unity can be (cough) a bit quirky. Especially when they decided for some reason to write their own special version of a standard library like JSON processing or networking. So the notion that, say, there's an exception where a https fault gets wrapped by the wrong exception doesn't surprise me at all thb.
Comment options

seanboehnke
Mar 7, 2024
Author

So the people that are having an issue are accessing the edge function from a different region than what the database is on. So supabase's suggestion is to set the region for it in the headers during the invoke call. https://github.com/orgs/supabase/discussions/12613
You must be logged in to vote
9 replies
@seanboehnke
Comment options

seanboehnke Mar 11, 2024
Author

Do you have any insight into that? I know the supabase c# logic is split into multiple repos and I wasn't really seeing what I needed to change to expose it right away.
@acupofjose
Comment options

acupofjose Mar 11, 2024

Sure! I'd add the timeout as an option to InvokeFunctionOptions and add it to the HttpClient in this method: https://github.com/supabase-community/functions-csharp/blob/4605d4e621d30b7dfaf27496fe98e92cbb1b3bf4/Functions/Client.cs#L99-L144

Mondays are my busy day, I can do an Issue and PR tomorrow for it if you like!
@seanboehnke
Comment options

seanboehnke Mar 11, 2024
Author

That would be great! Thanks
@acupofjose
Comment options

acupofjose Mar 12, 2024

Should be good to go in the latest release
@seanboehnke
Comment options

seanboehnke Mar 12, 2024
Author

Awesome thanks! Also, fun unrelated note, calling the GetPublicUrl() on a bucket is giving me back a url with the bucket name in it twice which breaks the url.
Comment options

andriivitiv
Jul 31, 2024

Oof, turns out it is a bug in Unity TLS. Someone forgot to put ! before IsServer on this line. That comment above confirms it. We patched the ProcessHandshake() method with Harmony a few months ago and haven't seen this exception since.

@UnityAlex I assume you work for Unity, so you might want to fix this in their repo.
You must be logged in to vote
0 replies
Comment options

UnityAlex
Jul 31, 2024

Oh no! Yes I do work for Unity. If someone could submit a bug to us I would be happy to investigate and fix.
You must be logged in to vote
1 reply
@seanboehnke
Comment options

seanboehnke Sep 12, 2024
Author

@UnityAlex Has this been handled? If not I can submit the issue wherever you'd like.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
🙏
Q&A
Labels
None yet
5 participants
@seanboehnke @wiverson @UnityAlex @acupofjose @andriivitiv
Morty Proxy This is a proxified and sanitized view of the page, visit original site.