Clients should take an optional supabase_token (workaround provided) #658
Comments
|
honestly,supabase_key is identical to access_token,as the first time you call property like postgrest,it will autonomously init by supabase_key |
|
but it seems like creating client by access token that got after signed in from front-end does not work properly to recognize the User,I mean if u called get_session,will get None,quite wired.it's bug I think |
|
@Atticuszz Actually there's a difference between the site's private supabase key and the user's access token. If you do the workaround that I proposed, then a CLI client can access the user's data. If you use the user's access token as the supabase key, you will get an authentication error from supabase. |
|
@turian thanks for point out it!i do test access token as key,auth failed ,cause the auth_token set None if we do not sign in with posswords etc,my solution is use the original key in supabase project,and use the clien.auth.set_session(access_token,refresh_token),the client will be treated as the owner of acces_token |
|
I will investigate this a bit more to see if this is been handled differently with the supabase-js library. |
|
i try to fix it in PR #656 |
|
You can pass a user's access token using a header create_client(
url,
key,
options=ClientOptions(
headers={"Authorization": f"Bearer {access_token}"},
),
) |
thanks(′▽`ʃ♡ƪ) i got it |
|
@silentworks It does not work, in the init. The create_client, eventually tries to create a SyncClient and the init has this code It replaces whatever option headers you passed in the As the OP mentioned the workarround of using client.postgrest.auth(access_token) works, because it rewrites the header auth after the initialization. |
|
@Atticuszz I saw you fast api supabase boilterplate ( i'm working with fast api too) and I think you need to support the custom auth. In my use case the fastapi relies on the RLS of supabase + supabase auth, in order to RLS to work correctly you need to pass the user's access_tokens to the supabase postgrest client. |
Thanks for your suggestion .my solution is letting supabase js take care the auth,case i think it's easier to work with ui with it,and what's custom auth?my boilterplate is auto pass acces stoken to supabase and pos client by deps |
|
My workarround, to get this done, rewrite the def create_supabase_client(access_token: str) -> Client:
supabase: Client = create_client(
settings.SUPABASE_URL,
settings.SUPABASE_API_KEY,
)
# This is the hacky way to get supabase doing what we need using users JWT
supabase._auth_token = {
"apiKey": f"{settings.SUPABASE_API_KEY}",
"Authorization": f"Bearer {access_token}",
}
return supabase |
Thanks @sebasortiz-dev! I was struggling with a similar issue (using RLS but with 3rd party auth). The previous suggestions did not work for me, but yours did. |
This is not enough, the headers are being duplicated all over the place in the client: The options object: The auth client: The following hack works for me, where we dynamically subclass the object to patch |
|
This PR should have resolved this issue #766. |
|
Closing this out as I believe it has been resolved. |
Is your feature request related to a problem? Please describe.
I have a serverless application, using just supabase as the backend. (No flask, fastapi, etc.)
I'm writing a CLI client in Python. The only way I can figure out how to auth the user, is to put my access_token into the client using environment variables. (This is because the CLI might run on a remote machine with no browser.) However, getting the supabase client to accept the access_token is difficult, because it uses
supabase_keyas both the apikey AND bearer token.Describe the solution you'd like
and use
supabase_access_tokenwhen constructing headers.Describe alternatives you've considered
works but is very janky and undocumented.
Additional context
Appears related to #221, #616, #645
This suggests that it is a commonplace issue.
The text was updated successfully, but these errors were encountered: