Next JS - Supabase Error: AuthApiError: Invalid Refresh Token: Already Used

I'm trying to implement Supabase Auth in a Next JS project

Now I'm encounter the following error which keeps repeating when I npm run dev:

[AuthApiError: Invalid Refresh Token: Already Used]{ __isAuthError: true,name: 'AuthApiError',status: 400}

this is my middleware.ts

import type { NextRequest } from "next/server";import { NextResponse } from "next/server";import { createMiddlewareClient } from "@supabase/auth-helpers-nextjs";import { Database } from "./types";const locales = ["en", "ar"];const defaultLocale = "en";const PUBLIC_FILE = /\.(.*)$/;export async function middleware(req: NextRequest) {  const res = NextResponse.next();  const supabase = createMiddlewareClient<Database>({ req, res });  const user = await supabase.auth.getSession();  if (    req.nextUrl.pathname.startsWith("/_next") ||    req.nextUrl.pathname.includes("/api/") ||    PUBLIC_FILE.test(req.nextUrl.pathname)  ) {    return;  }  const pathname = req.nextUrl.pathname;  // Manage route protection  const isAuthenticated = user?.data?.session?.user.role === "authenticated";  const isLoginPage =    pathname.startsWith("/login") || pathname.startsWith("/ar/login");  const sensitiveRoutes = ["/", "/ar"];  const isAccessingSensitiveRoute = sensitiveRoutes.some((route) =>    pathname.startsWith(route),  );  if (isLoginPage) {    if (isAuthenticated) {      return NextResponse.redirect(        new URL(`${pathname.startsWith("/ar") ? "/ar" : "/en"}/`, req.url),      );    }    if (      pathname.startsWith(`/${defaultLocale}/`) ||      pathname === `/${defaultLocale}`    ) {      return NextResponse.redirect(        new URL(          pathname.replace(            `/${defaultLocale}`,            pathname === `/${defaultLocale}` ? "/" : "",          ),          req.url,        ),      );    }  }  if (!isAuthenticated && isAccessingSensitiveRoute && !isLoginPage) {    return NextResponse.redirect(      new URL(`${pathname.startsWith("/ar") ? "/ar" : ""}/login`, req.url),    );  }  // Check if the default locale is in the pathname  if (    pathname.startsWith(`/${defaultLocale}/`) ||    pathname === `/${defaultLocale}`  ) {    // e.g. incoming request is /en/products    // The new URL is now /products    return NextResponse.redirect(      new URL(        pathname.replace(          `/${defaultLocale}`,          pathname === `/${defaultLocale}` ? "/" : "",        ),        req.url,      ),    );  }  const pathnameIsMissingLocale = locales.every(    (locale) =>      !pathname.startsWith(`/${locale}/`) && pathname !== `/${locale}`,  );  if (pathnameIsMissingLocale) {    // We are on the default locale    // Rewrite so Next.js understands    // e.g. incoming request is /products    // Tell Next.js it should pretend it's /en/products    return NextResponse.rewrite(      new URL(`/${defaultLocale}${pathname}`, req.url),    );  }}export const config = {  matchter: ["/","/login","/((?!api|_next/static|_next/image|assets|favicon.ico).*)",  ],};

sometimes it's solved automatically (keeps repeating several times then stop) redirecting me to login page, and sometimes it keeps looping in this error without stopping.