Anon Supabase token is sometimes used to upload the data when an Android app is in background

[Radiokot]

Prerequisites

• The user is signed in to the Android app with Supabase credentials
• SupabaseClient instance is created by Koin: https://github.com/Radiokot/4money/blob/f6abb2ffc9c864eb5d5eb3f4b60037a8fe8d32c2/app/src/main/java/ua/com/radiokot/money/auth/AuthModule.kt#L41-L59
• PowerSyncDatabase (BETA31, and older) instance is created by Koin and connected with SupabaseConnector using the same SupabaseClient, launched in GlobalScope: https://github.com/Radiokot/4money/blob/f6abb2ffc9c864eb5d5eb3f4b60037a8fe8d32c2/app/src/main/java/ua/com/radiokot/money/powersync/PowerSyncModule.kt#L43-L57

Scenario

1. An expense logging screen of the app is opened via a desktop shortcut
2. The user selects account and category of the expense and enters the amount
3. A writeTransaction is executed in viewModelScope updating accounts table and inserting into the transfers tables
4. Once the transaction is complete, the screen finishes
5. The app is now in background, although its process is still alive

Expected result

• Either PowerSync uploads the data successfully while the process is still alive (if there's an Internet connection)
• Or it explicitly refuses to do it until the app is re-opened next time or the sync is called in a background worker

Actual result

1. PowerSync starts uploading the transaction entries
2. First one (accounts table update) usually goes well
3. When uploading the second one (insert to the transfers table), sometimes, anon Supabase token is used which causes operation failure due to RLS
4. After multiple retries, the sync stops or the process dies eventually, and now in Supabase the account has the updated balance while there is no recorded transfer
5. When the app is eventually re-opened, the transaction gets synchronized with the correct Supabase token

Why this is a problem

• If the correct token was used, PowerSync could have time to sync the transaction before the process is dead, so the data appears on other devices faster
• Supabase call error rate increases, hiding other potential problems

Log

11:14:47.146 <no-tag>                        E  Data upload error - retrying last entry: CrudEntry<40/92 PUT transfers/24678427-d3a8-43a7-8035-875d4b42242c {destination_amount=10000000, destination_id=96878196-f8fe-37db-8dd1-ad5ccd762087, source_amount=10000000, source_id=0733cd73-712b-345c-8358-31c04674c73a, time=2025-04-15T21:00:02Z}>, io.github.jan.supabase.postgrest.exception.PostgrestRestException: new row violates row-level security policy for table "transfers"
                                                URL: https://brbuezvbtkbrofypowjz.supabase.co/rest/v1/transfers?columns=destination_amount%2Cdestination_id%2Csource_amount%2Csource_id%2Ctime%2Cid
                                                Headers: [Authorization=[Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImJyYnVlenZidGticm9meXBvd2p6Iiwicm9sZSI6ImFub24iLCJpYXQiOjE3MzkwMjAwNjcsImV4cCI6MjA1NDU5NjA2N30.lmQmzRNj1b-ZfAc1YlU7gGBgKS_e706ioTU0jxxyG9A], Prefer=[return=minimal,resolution=merge-duplicates], Content-Profile=[public], apikey=[eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImJyYnVlenZidGticm9meXBvd2p6Iiwicm9sZSI6ImFub24iLCJpYXQiOjE3MzkwMjAwNjcsImV4cCI6MjA1NDU5NjA2N30.lmQmzRNj1b-ZfAc1YlU7gGBgKS_e706ioTU0jxxyG9A], X-Client-Info=[supabase-kt/3.1.4], Accept=[application/json], Accept-Charset=[UTF-8]]
                                                Http Method: POST
11:14:47.146 <no-tag>                        E  PowerSyncException: new row violates row-level security policy for table "transfers"
                                                URL: https://brbuezvbtkbrofypowjz.supabase.co/rest/v1/transfers?columns=destination_amount%2Cdestination_id%2Csource_amount%2Csource_id%2Ctime%2Cid
                                                Headers: [Authorization=[Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImJyYnVlenZidGticm9meXBvd2p6Iiwicm9sZSI6ImFub24iLCJpYXQiOjE3MzkwMjAwNjcsImV4cCI6MjA1NDU5NjA2N30.lmQmzRNj1b-ZfAc1YlU7gGBgKS_e706ioTU0jxxyG9A], Prefer=[return=minimal,resolution=merge-duplicates], Content-Profile=[public], apikey=[eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImJyYnVlenZidGticm9meXBvd2p6Iiwicm9sZSI6ImFub24iLCJpYXQiOjE3MzkwMjAwNjcsImV4cCI6MjA1NDU5NjA2N30.lmQmzRNj1b-ZfAc1YlU7gGBgKS_e706ioTU0jxxyG9A], X-Client-Info=[supabase-kt/3.1.4], Accept=[application/json], Accept-Charset=[UTF-8]]
                                                Http Method: POST
11:14:47.147 <no-tag>                        E  Error uploading crud: new row violates row-level security policy for table "transfers"
                                                URL: https://brbuezvbtkbrofypowjz.supabase.co/rest/v1/transfers?columns=destination_amount%2Cdestination_id%2Csource_amount%2Csource_id%2Ctime%2Cid
                                                Headers: [Authorization=[Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImJyYnVlenZidGticm9meXBvd2p6Iiwicm9sZSI6ImFub24iLCJpYXQiOjE3MzkwMjAwNjcsImV4cCI6MjA1NDU5NjA2N30.lmQmzRNj1b-ZfAc1YlU7gGBgKS_e706ioTU0jxxyG9A], Prefer=[return=minimal,resolution=merge-duplicates], Content-Profile=[public], apikey=[eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImJyYnVlenZidGticm9meXBvd2p6Iiwicm9sZSI6ImFub24iLCJpYXQiOjE3MzkwMjAwNjcsImV4cCI6MjA1NDU5NjA2N30.lmQmzRNj1b-ZfAc1YlU7gGBgKS_e706ioTU0jxxyG9A], X-Client-Info=[supabase-kt/3.1.4], Accept=[application/json], Accept-Charset=[UTF-8]]
                                                Http Method: POST
11:15:23.523 <no-tag>                        E  Error in streamingSync: Software caused connection abort