Open hf opened 1 month ago
Merge after platform changes are released.
Changes Missing Coverage | Covered Lines | Changed/Added Lines | % | ||
---|---|---|---|---|---|
src/SupabaseClient.ts | 7 | 9 | 77.78% | ||
<!-- | Total: | 7 | 9 | 77.78% | --> |
Files with Coverage Reduction | New Missed Lines | % | ||
---|---|---|---|---|
src/SupabaseClient.ts | 1 | 65.65% | ||
<!-- | Total: | 1 | --> |
Totals | |
---|---|
Change from base Build 8465437755: | 1.0% |
Covered Lines: | 95 |
Relevant Lines: | 124 |
Correct me if I'm wrong, but couldn't this also be used to authenticate supabase clients, for RLS, during API requests? This assumes a Supabase JWT is being used as the API key.
So instead of adding the JWT to the global header, you'd use accessToken
, because I believe supabase-js will use this for db fetch requests.
/* Some API endpoint that your user hits. */
const jwt = 'get-from-request-authorization-header'
const supabase = createClient(
env.SUPABASE_URL,
env.SUPABASE_ANON_KEY, {
+ accessToken: async () => { return `${jwt}` }
- global: {
- headers: {
- Authorization: `Bearer ${jwt}`
- }
- },
- auth: {
- persistSession: false,
- detectSessionInUrl: false,
- autoRefreshToken: false
- }
})
const { data, error } = await supabase.from('table').select('column')
Adds support for the
accessToken
option on the Supabase client which can be used to provide a third-party authentication (e.g. Auth0, Clerk, Firebase Auth, ...) access token or ID token to be used instead of Supabase Auth.When set,
supabase.auth.xyz
cannot be used and an error will be thrown.