Notion OAuth provider returns 403 when retrieving user profile (GoTrue v2.188.1)

[matheobz]

Hi team, first of all thanks for the amazing work on Supabase Auth — really appreciate it!
I've run into an issue with the Notion OAuth provider on GoTrue v2.188.1.
After completing Notion OAuth flow, GoTrue calls /v1/users/me on Notion's API and receives a 403 error. The user info (name, email) is available in the token exchange response under owner.user but is not being used.

Error in logs:

"error": "a 403 error occurred with retrieving user from notion"
"msg": "500: Error getting user profile from external provider"
GoTrue version: v2.188.1

Steps to reproduce:

1. Configure Notion OAuth provider in Supabase project
2. Set "Read user information including email addresses" in Notion integration capabilities
3. Click "Sign in with Notion"
4. After Notion authorization, callback fails with 403

Expected: User is created/logged in using owner.user data from the token exchange response
Actual: GoTrue makes a separate call to /v1/users/me which returns 403 for OAuth tokens

Happy to provide any additional info or test a fix if needed. Thanks again!

[cemalkilic]

Hi @matheobz ,

Thanks for the detailed report!

I just tried reproducing this on GoTrue v2.188.1 with Notion and was able to complete login successfully on my side, so I have not yet been able to reproduce the 403 on /v1/users/me.

A few details that would help narrow this down:

• Is this a newly created Notion integration / new Supabase setup, or was this working previously and started failing recently (prior to latest gotrue version)?

• Are you able to share the exact Notion integration capabilities/scopes you configured?

• Could you describe the full repro steps a bit more precisely, including whether this happens consistently for all users/accounts?

• Are you using hosted Supabase Auth or a self-hosted GoTrue setup? If self-hosted, are there any custom config differences we should be aware of?