hf
commented
1 month ago Merge after platform changes are released.
Open hf opened 1 month ago
hf
commented
1 month ago Merge after platform changes are released.
coveralls
commented
1 month ago | Changes Missing Coverage | Covered Lines | Changed/Added Lines | % | ||
|---|---|---|---|---|---|
| src/SupabaseClient.ts | 7 | 9 | 77.78% | ||
| <!-- | Total: | 7 | 9 | 77.78% | --> |
| Files with Coverage Reduction | New Missed Lines | % | ||
|---|---|---|---|---|
| src/SupabaseClient.ts | 1 | 65.65% | ||
| <!-- | Total: | 1 | --> |
| Totals | |
|---|---|
| Change from base Build 8465437755: | 1.0% |
| Covered Lines: | 95 |
| Relevant Lines: | 124 |
j4w8n
commented
3 weeks ago Correct me if I'm wrong, but couldn't this also be used to authenticate supabase clients, for RLS, during API requests? This assumes a Supabase JWT is being used as the API key.
So instead of adding the JWT to the global header, you'd use accessToken, because I believe supabase-js will use this for db fetch requests.
/* Some API endpoint that your user hits. */
const jwt = 'get-from-request-authorization-header'
const supabase = createClient(
env.SUPABASE_URL,
env.SUPABASE_ANON_KEY, {
+ accessToken: async () => { return `${jwt}` }
- global: {
- headers: {
- Authorization: `Bearer ${jwt}`
- }
- },
- auth: {
- persistSession: false,
- detectSessionInUrl: false,
- autoRefreshToken: false
- }
})
const { data, error } = await supabase.from('table').select('column')
Adds support for the
accessTokenoption on the Supabase client which can be used to provide a third-party authentication (e.g. Auth0, Clerk, Firebase Auth, ...) access token or ID token to be used instead of Supabase Auth.When set,
supabase.auth.xyzcannot be used and an error will be thrown.