Closed biowaffeln closed 1 year ago
You cannot use service role with the auth-helpers, this would be a security issue. The auth-helpers by default doesn't allow you to use the service_role
secret
as this could lead to you leaking your service_role
secret
to the public. auth-helpers work in both the server and client side so there is no clear way to separate the key when using it in the client environment. You can however create a separate Supabase client using the @supabase/supabase-js
createClient
method and pass it the service_role``secret
. You will also need to turn some properties off since you are working in a server environment.
import { createClient } from '@supabase/supabase-js';
const supabase = createClient(supabaseUrl, serviceRoleSecret, {
auth: {
persistSession: false,
autoRefreshToken: false,
detectSessionInUrl: false
}
});
You cannot use service role with the auth-helpers, this would be a security issue. The auth-helpers by default doesn't allow you to use the
service_role
secret
as this could lead to you leaking yourservice_role
secret
to the public. auth-helpers work in both the server and client side so there is no clear way to separate the key when using it in the client environment. You can however create a separate Supabase client using the@supabase/supabase-js
createClient
method and pass it theservice_role
secret ``. You will also need to turn some properties off since you are working in a server environment.import { createClient } from '@supabase/supabase-js'; const supabase = createClient(supabaseUrl, serviceRoleSecret, { auth: { persistSession: false, autoRefreshToken: false, detectSessionInUrl: false } });
The auth params is much important! the doc creating-a-client need update.
Hi @anuoua, why do you think that needs updating please? my example above is how to use the service_role key with supabase-js, not the auth-helpers.
Bug report
Describe the bug
I'm using the auth-helpers-nextjs package with Next.js 13. I want to create an route handler that bypasses RLS using my service key, however when I instantiate a client and try to insert something into a table with RLS, I get the error "new row violates row-level security policy for table ...".
To Reproduce
For comparison, when I try to create a client directly with the
@supabase/supabase-js
package, the insert works:System information