supabase / auth

A JWT based API for managing users and issuing JWT tokens
https://supabase.com/docs/guides/auth
MIT License

supabase.auth.getUser(token) receives "Bad Request" from supabase api #1793

Closed k-nearest-neighbor closed 1 month ago

k-nearest-neighbor commented 1 month ago

Bug report

Description

Running locally, I'm following https://supabase.com/docs/guides/functions/auth and the github example https://github.dev/supabase/supabase/blob/master/examples/edge-functions/supabase/functions/select-from-table-with-auth-rls/index.ts

When doing `const response = await supabase.auth.getUser(token)` there is a `response.error`:

AuthUnknownError: Unexpected token 'B', "Bad request
" is not valid JSON
    at handleError (fetch.js:34:15)
    ...

It looks like the supabase client is sending the request to the api server and getting the response "Bad request", and then excepting when attempting to parse it as JSON.

My main concern is why is it getting "Bad request"? / this is blocking me. It must be something about my setup but I haven't been able to find it.

But it's also worth noticing potential bugs with the supabase client and/or server:

To Reproduce

  1. supabase start
  2. supabase functions serve --inspect-mode brk (optionally)
  3. Make request from browser with a supabase client.
  4. Function end point looks like:
    
    import { corsHeaders } from '../_shared/cors.ts'
    import { createClient } from 'jsr:@supabase/supabase-js@2';

    const supabaseUrl = Deno.env.get('SUPABASE_URL'); // this is 'http://kong:8000'
    const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY'); // this is set correctly

    Deno.serve(async (req) => {
      console.log('corsHeaders: ', corsHeaders)
      if (req.method === 'OPTIONS') {
        return new Response('ok', { headers: corsHeaders })
      }

      const authorization = req.headers.get('Authorization');
      if (!authorization) {
        return new Response(
          JSON.stringify({ error: 'No authorization header passed' }),
          {
            status: 500,
            headers: { 'Content-Type': 'application/json' },
          }
        );
      }

      const supabase = createClient(supabaseUrl, supabaseAnonKey, {
        global: {headers: {authorization}}
      });

      const token = authorization.replace('Bearer ', '');

      const response = await supabase.auth.getUser(token);
      console.log('response.error: ', response.error);

      ...


response.error:

AuthUnknownError: Unexpected token 'B', "Bad request
" is not valid JSON
    at handleError (fetch.js:34:15)
    ...


Expected behavior

Should retrieve the user without error

System information

- OS: macOS Sonoma 14.6
- Version of supabase-js: ^2.43.2
- Version of Node.js: v21.7.1
- Version of CLI: `supabase -v` 1.200.3
- Version of Docker: `docker -v` Docker version 27.1.1, build 6312585
- Versions of services: [output from `supabase services` command]

    SERVICE IMAGE            │ LOCAL            │ LINKED
    ─────────────────────────┼──────────────────┼─────────────
    supabase/postgres        │ 15.6.1.115       │ 15.6.1.115
    supabase/gotrue          │ v2.162.1         │ v2.162.1
    postgrest/postgrest      │ v12.2.3          │ v12.2.3
    supabase/realtime        │ v2.30.34         │ -
    supabase/storage-api     │ v1.11.7          │ v1.11.7
    supabase/edge-runtime    │ v1.58.3          │ -
    supabase/studio          │ 20240729-ce42139 │ -
    supabase/postgres-meta   │ v0.83.2          │ -
    supabase/logflare        │ 1.4.0            │ -
    supabase/supavisor       │ 1.1.56           │ -

k-nearest-neighbor commented 1 month ago

This was due to passing the header wrong

    const supabase = createClient(supabaseUrl, supabaseAnonKey, {
      global: {headers: {authorization_header}}
    });
    // Should be:
    const supabase = createClient(supabaseUrl, supabaseAnonKey, {
      global: {headers: {Authorization: authorization_header}}
    });
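
Added example, not part of the issue thread or the supabase code base: it shows how object shorthand names the header after the variable, and sketches a guard that rejects a missing or malformed `Authorization` value before any call to the auth server and reads an upstream error body without assuming it is JSON. The helper names (`headerNames`, `parseBearer`, `guard`, `describeUpstreamError`) are hypothetical and the token values in the tests are constructed.

```javascript
// Added example; helper names are hypothetical, sample values are constructed.

// Object shorthand names the key after the variable, so `{ authorization_header }`
// produces a header called "authorization_header", not "Authorization".
function headerNames(authorization_header) {
  return {
    shorthand: Object.keys({ authorization_header })[0],
    explicit: Object.keys({ Authorization: authorization_header })[0],
  };
}

// Structural check only: scheme "Bearer" plus three base64url segments.
// It does not verify the signature; getUser(token) still does that server-side.
const BEARER_JWT = /^Bearer +([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/i;

function parseBearer(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const match = BEARER_JWT.exec(headerValue.trim());
  return match ? match[1] : null;
}

// Decide the outcome before any request reaches the auth server.
// `headerValue` is what req.headers.get('Authorization') returned (may be null).
function guard(headerValue) {
  const token = parseBearer(headerValue);
  if (token === null) {
    // Client error, so 401 with a JSON body rather than a 500.
    return { status: 401, body: { error: 'Missing or malformed Authorization header' } };
  }
  // Options object for createClient, with the header name spelled out.
  const options = { global: { headers: { Authorization: `Bearer ${token}` } } };
  return { status: 200, token, options };
}

// Read an upstream error body without assuming it is JSON.
function describeUpstreamError(status, bodyText) {
  try {
    return { status, json: JSON.parse(bodyText) };
  } catch {
    return { status, text: bodyText.trim() };
  }
}
```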