Open gams1976 opened 3 months ago
Hi @gams1976. Thanks for your report.
I was able to get the data with your project from the API call section. Is this still happening to you? Does it only happens in test mode or also in the Response and test of the Create API call section? Please, let me know.
Micaela, thank you for your response. The problem is not getting the data. The question is getting the data with the correct Token. When i use the supabase query client it works well. But when i make the call from the api it uses the anon key (and not the provided user token replaced by a variable in the call). So the issue is happening and impacts all api calls. I happens in test and in all scenarios
I i use the user JWT token in postman, it returns correct data. If i replace the bearer token in flutterflow with the same user JWT, it still uses the anon key for the api (returning wrong data with wrong privileges)
Different results with same JWT key provided as bearer token
As a summary, even if I change the BearerToken in the apicall, flutterflow still makes the call with the anon key.
This issue is stale because it has been open for 7 days with no activity. If there are no further updates, a team member will close the issue.
I am waiting for a solution @msusviela
I have the same issue.What can we do??
@fafa16 as a workaround for supabase you can use supabase actions or custom code as a workaround. But this is a serious issue and creates a lot of extra work that could be done with simple api calls...
I use this in the header: [auth_token] auth_token=JWT toekn from user
in my edge function (api) I am able to receive the good information but the request on tables done in the edge function are done with the anon token.very curious.I am lost...
This issue is stale because it has been open for 7 days with no activity. If there are no further updates, a team member will close the issue.
We are waiting for a answer from @msusviela
@msusviela
Does anyone found an elegant solution? Having trouble executing Supabase functions with API Call from Flutterflow when a table has RLS policy
@Serhio1210 the best way is to use custom code. Here a simple example using datatypes and supabase to load data
try { final response = await SupaFlow.client .from('clients') .select('*') //Choose essencial fields .eq('organization_id', organizationId);
for (var item in response) {
ClientStruct client = ClientStruct.fromMap(item);
clients.add(client);
};
is anyone else in FF support looking at this @pooja-ff @agreaves @leighajarett as the assignee has not responded for over two months, and has only been present on gitHub one day in the last month.
Hello!
Apologies for the delayed response.
I tested the issue in your project, and it appears to be more related to the specific data you're trying to retrieve via the endpoint rather than the Bearer token.
For instance, I noticed two different APIs: one for fetching body parts and another for photos. The photos endpoint returns data perfectly, which indicates that the call is being made correctly with the Bearer: [accesstoken].
However, it seems the getBodyParts
endpoint isn't returning any data, likely because the endpoint itself isn't resolving correctly. For example, if you call the API like this: https://[your-project-id].supabase.co/rest/v1/
from the FF API Call builder, it may freeze momentarily but will eventually return all data from your project. This suggests that the Bearer token is functioning as expected.
@Alezanello sorry but it is still not working correctly. I have put detailed instructions here on how to test it and others here have confirmed the issue. I am not keeping the code in the project updated since it doenst work as expected. The getbody parts isnt returning any data because it is not using the correct token. All explanation is above. Sorry to be this straight, but FF suport takes months to answer and you just give a plain answer...
@Alezanello The summary is : even if I change the BearerToken in the api call, flutterflow still makes the call with the anon key. The user token needs to be used, as it is the user token that has correct security rights. the anon key is the publicc key. This issue only happens in the api call (not on custom code and not on action).
Hello,
I apologize for the late response. Does this issue still persist, or was it fixed in the latest FlutterFlow updates?
Has your issue been reported?
Current Behavior
I have a supabase database with RLS enabled. When i use the flutterflow Supabase Query, everything goes well, but when i do the same query via API, it doesnt work. After careful testing, I identified that flutterflow replaces the bearer token (user JWT) with the anon token even tough i correctly place it in api header via variable. I even checked the same call in postman (using the user JWT) and it worked perfectly.
Expected Behavior
To use the defined variable (User JWT)
Steps to Reproduce
Make a call to supabase with bearer token using a variable Replace variable with user.jwt Check that the request does not use that JWT
Reproducible from Blank
Bug Report Code (Required)
IT4glcn15YpNpbxK1bqBKe9VqGIvKUh9bZc0sd4bGA0dCJzuPLMQdvXsQBRuZMfkTVV+OUSmmloxpdbqhtjpJ/kBFzuufIdxzKlqbT3LZEGie5OBEZeWfXx8DZ9TIX3D36WRmxV4G/VfWX9gwzqQPemXTivrJu62IndISq/LZO4=
Context
Show stopper for using Supabase API with RLS
Visual documentation
Additional Info
No response
Environment
General
Relative to the time the changes were made, data was lost within
When following my steps to reproduce, data loss happens