New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clients should take an optional supabase_token (workaround provided) #658
Comments
honestly,supabase_key is identical to access_token,as the first time you call property like postgrest,it will autonomously init by supabase_key |
but it seems like creating client by access token that got after signed in from front-end does not work properly to recognize the User,I mean if u called get_session,will get None,quite wired.it's bug I think |
@Atticuszz Actually there's a difference between the site's private supabase key and the user's access token. If you do the workaround that I proposed, then a CLI client can access the user's data. If you use the user's access token as the supabase key, you will get an authentication error from supabase. |
@turian thanks for point out it!i do test access token as key,auth failed ,cause the auth_token set None if we do not sign in with posswords etc,my solution is use the original key in supabase project,and use the clien.auth.set_session(access_token,refresh_token),the client will be treated as the owner of acces_token |
I will investigate this a bit more to see if this is been handled differently with the supabase-js library. |
i try to fix it in PR #656 |
You can pass a user's access token using a header create_client(
url,
key,
options=ClientOptions(
headers={"Authorization": f"Bearer {access_token}"},
),
) |
thanks(′▽`ʃ♡ƪ) i got it |
@silentworks It does not work, in the init. The create_client, eventually tries to create a SyncClient and the init has this code
It replaces whatever option headers you passed in the As the OP mentioned the workarround of using client.postgrest.auth(access_token) works, because it rewrites the header auth after the initialization. |
@Atticuszz I saw you fast api supabase boilterplate ( i'm working with fast api too) and I think you need to support the custom auth. In my use case the fastapi relies on the RLS of supabase + supabase auth, in order to RLS to work correctly you need to pass the user's access_tokens to the supabase postgrest client. |
Thanks for your suggestion .my solution is letting supabase js take care the auth,case i think it's easier to work with ui with it,and what's custom auth?my boilterplate is auto pass acces stoken to supabase and pos client by deps |
My workarround, to get this done, rewrite the def create_supabase_client(access_token: str) -> Client:
supabase: Client = create_client(
settings.SUPABASE_URL,
settings.SUPABASE_API_KEY,
)
# This is the hacky way to get supabase doing what we need using users JWT
supabase._auth_token = {
"apiKey": f"{settings.SUPABASE_API_KEY}",
"Authorization": f"Bearer {access_token}",
}
return supabase |
Thanks @sebasortiz-dev! I was struggling with a similar issue (using RLS but with 3rd party auth). The previous suggestions did not work for me, but yours did. |
This is not enough, the headers are being duplicated all over the place in the client: The options object: The auth client: The following hack works for me, where we dynamically subclass the object to patch
|
This PR should have resolved this issue #766. |
Closing this out as I believe it has been resolved. |
Is your feature request related to a problem? Please describe.
I have a serverless application, using just supabase as the backend. (No flask, fastapi, etc.)
I'm writing a CLI client in Python. The only way I can figure out how to auth the user, is to put my access_token into the client using environment variables. (This is because the CLI might run on a remote machine with no browser.) However, getting the supabase client to accept the access_token is difficult, because it uses
supabase_key
as both the apikey AND bearer token.Describe the solution you'd like
and use
supabase_access_token
when constructing headers.Describe alternatives you've considered
works but is very janky and undocumented.
Additional context
Appears related to #221, #616, #645
This suggests that it is a commonplace issue.
The text was updated successfully, but these errors were encountered: