sign_out does not remove the session from storage if the API request raises an exception #656

Open
2 tasks done
leonardo-panseri opened this issue Jan 15, 2025 · 0 comments
Labels
bug Something isn't working

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

supabase.auth.sign_out() makes an incorrect use of contextlib.suppress.

From the docs:

contextlib.suppress(*exceptions)
Return a context manager that suppresses any of the specified exceptions if they occur in the body of a with statement and then resumes execution with the first statement following the end of the with statement.

This means that sign_out does not execute anything after self.admin.sign_out(...) if that method throws an exception (for example if the jwt has expired, or if the session has already been deleted from the db), because all the code after the call is still inside the context manager.

So in the case of a non-200 response from the API, the following code never gets executed:

            if options["scope"] != "others":
                self._remove_session()
                self._notify_all_subscribers("SIGNED_OUT", None)

And the session is not removed from storage.

You may also want to update the docstring of the method, as it was copied from the js client and is not accurate to what the method actually does.

It may be a good idea to check for other incorrect uses of contextlib.suppress too.

To Reproduce

  1. Create a user from the supabase dashboard
  2. Sign in said user with the python client
  3. Remove the created session from the auth.sessions table in the db
  4. Sign out the user with the python client
  5. Inspect the storage to verify that the supabase.auth.token key is still present

Expected behavior

The python client should correctly handle errors during the self.admin.sign_out() call and execute the following block of code regardless.
The only needed modification is to unindent the block of code after that call.

@leonardo-panseri leonardo-panseri added the bug Something isn't working label Jan 15, 2025
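
The control flow described in this issue, as an added example that is not part of the original report and is not the Supabase client's own code. `Client`, `FakeAdmin`, `ApiError` and `outcome` are hypothetical stand-ins, the stored value is constructed, and the admin call is assumed to fail every time, as it would for an expired JWT or an already-deleted session.

```python
import contextlib

class ApiError(Exception):
    """Hypothetical stand-in for the error raised on a non-200 API response."""

class FakeAdmin:
    def sign_out(self, jwt, scope):
        # Constructed failure: the server no longer knows this session.
        raise ApiError("session not found")

class Client:
    def __init__(self):
        # Storage key taken from the issue; the value is constructed.
        self.storage = {"supabase.auth.token": "constructed-session-value"}
        self.events = []
        self.admin = FakeAdmin()

    def _remove_session(self):
        self.storage.pop("supabase.auth.token", None)

    def _notify_all_subscribers(self, event, session):
        self.events.append(event)

    def sign_out_buggy(self, options):
        with contextlib.suppress(ApiError):
            self.admin.sign_out("constructed-jwt", options["scope"])
            # Never reached when sign_out raises: suppress() swallows the
            # exception and resumes AFTER the with block, skipping the cleanup.
            if options["scope"] != "others":
                self._remove_session()
                self._notify_all_subscribers("SIGNED_OUT", None)

    def sign_out_fixed(self, options):
        with contextlib.suppress(ApiError):
            self.admin.sign_out("constructed-jwt", options["scope"])
        # Unindented: local cleanup runs whether or not the API call failed.
        if options["scope"] != "others":
            self._remove_session()
            self._notify_all_subscribers("SIGNED_OUT", None)

def outcome(method_name, scope="global"):
    """Return (token still in storage, events emitted) after a failed API call."""
    client = Client()
    getattr(client, method_name)({"scope": scope})
    return ("supabase.auth.token" in client.storage, client.events)

if __name__ == "__main__":
    for name in ("sign_out_buggy", "sign_out_fixed"):
        print(name, outcome(name))
```

The same check works as a regression test for any other `contextlib.suppress` block: force the suppressed call to raise and assert that the local state change still happened.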