From b7b4f645414c8f84db418adc67cef066e4768ed7 Mon Sep 17 00:00:00 2001
From: Gonchantech <gonchantech@gmail.com>
Date: Wed, 25 Jun 2025 11:50:23 +0900
Subject: [PATCH 1/2] fix(auth): avoid window.location access in SSR
 environments

---
 src/GoTrueClient.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/GoTrueClient.ts b/src/GoTrueClient.ts
index 9a38e9d7..51cf7366 100644
--- a/src/GoTrueClient.ts
+++ b/src/GoTrueClient.ts
@@ -362,7 +362,7 @@ export default class GoTrueClient {
    */
   private async _initialize(): Promise<InitializeResult> {
     try {
-      const params = parseParametersFromURL(window.location.href)
+      const params = isBrowser() ? parseParametersFromURL(window.location.href) : {}
       let callbackUrlType = 'none'
       if (this._isImplicitGrantCallback(params)) {
         callbackUrlType = 'implicit'

From 6f46f80d1726322abc66241d331a1e0cd08021d4 Mon Sep 17 00:00:00 2001
From: Gonzu <gonchantech@gmail.com>
Date: Fri, 18 Jul 2025 21:37:15 +0900
Subject: [PATCH 2/2] fix: check expires_in instead of expires_at in
 _isValidSession

The _isValidSession method was incorrectly checking for 'expires_at'
which is optional, instead of 'expires_in' which is required for
valid session validation.
---
 src/GoTrueClient.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/GoTrueClient.ts b/src/GoTrueClient.ts
index 51cf7366..fa08a8e6 100644
--- a/src/GoTrueClient.ts
+++ b/src/GoTrueClient.ts
@@ -2144,7 +2144,7 @@ export default class GoTrueClient {
       maybeSession !== null &&
       'access_token' in maybeSession &&
       'refresh_token' in maybeSession &&
-      'expires_at' in maybeSession
+      'expires_in' in maybeSession
 
     return isValidSession
   }