supabase / realtime-js

An isomorphic Javascript client for Supabase Realtime server.
https://supabase.com
MIT License
324 stars 58 forks

fix: Handle properly jwt tokens #285

Closed filipecabaco closed 7 months ago

filipecabaco commented 7 months ago

What kind of change does this PR introduce?

Properly handle JWT tokens, as currently we were using only the apikey, and that is not enough for scenarios with RLS policies.

w3b6x9 commented 7 months ago

@filipecabaco what's the distinction between the tokens? How is Realtime server gonna use either?

chasers commented 7 months ago

Oh also need to do this in the Broadcast POST!

chasers commented 7 months ago

API Gateway requires anon or service role for the apikey.

filipecabaco commented 7 months ago

What @chasers said. We need to emulate the following request:

const response = await fetch(channelUrl, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: `Bearer ${session?.access_token!}`,
    apikey: process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
  },
  body: JSON.stringify({ name }),
});

filipecabaco commented 7 months ago

Added the same logic to HTTP Broadcast push.
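
The header split discussed in this thread, as an added example that is not code from the PR or from realtime-js: `apikey` always carries the project key for the API gateway, while `Authorization` carries the signed-in user's access token, so the identity presented for RLS is the user rather than the anonymous role. The helper names, the fallback to the apikey when there is no session, and the token contents (unsigned, with `role` and `sub` claims) are assumptions constructed for illustration.

```javascript
// Added example, not realtime-js source. Tokens are constructed and unsigned.
const toB64Url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");

// Hypothetical helper: a JWT-shaped string with a placeholder signature.
function makeSampleJwt(claims) {
  return [toB64Url({ alg: "HS256", typ: "JWT" }), toB64Url(claims), "constructed"].join(".");
}

// Read claims for inspection only. Nothing is verified here; the server does that.
function decodeClaims(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// Headers for the Broadcast POST, mirroring the request quoted in the thread.
// Assumption of this example: with no session, fall back to the apikey as bearer.
function buildBroadcastHeaders(apiKey, accessToken) {
  if (!apiKey) throw new Error("apikey (anon or service role) is required");
  return {
    "Content-Type": "application/json",
    Authorization: `Bearer ${accessToken || apiKey}`,
    apikey: apiKey,
  };
}

// Which identity the bearer token presents to anything that evaluates RLS.
function bearerIdentity(headers) {
  const { role, sub } = decodeClaims(headers.Authorization.replace(/^Bearer /, ""));
  return { role, sub: sub ?? null };
}

// Constructed sample values.
const ANON_KEY = makeSampleJwt({ role: "anon", iss: "supabase" });
const USER_TOKEN = makeSampleJwt({ role: "authenticated", sub: "user-1234" });

// apikey only: anonymous role, no user id for a per-user policy to match.
const apikeyOnly = bearerIdentity(buildBroadcastHeaders(ANON_KEY, null));
// apikey plus access token: the gateway still gets the anon key, RLS sees the user.
const withSession = bearerIdentity(buildBroadcastHeaders(ANON_KEY, USER_TOKEN));
console.log(apikeyOnly, withSession);
```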