10

I'm coming from Firebase Functions, where I can use the Admin library to access the database from the function, bypassing all security rules. On Supabase I haven't yet found a way to do that; the documentation is very scarce. Now I'm using this code to access the database from the function as the user who requested the function:

const supabaseClient = createClient(
  Deno.env.get("SUPABASE_URL") ?? "",
  Deno.env.get("SUPABASE_ANON_KEY") ?? "",
  { global: { headers: { Authorization: req.headers.get("Authorization")! } } }
);

But for one of my functions, I have to access the database bypassing all policies, as if the function were "admin". When I remove the third parameter line in this code (which was the only vague explanation of how to do that I found), I get the error:

AuthApiError: invalid claim: missing sub claim at ...

I also tried changing SUPABASE_ANON_KEY to SUPABASE_SERVICE_ROLE_KEY, same error.

1 Answer

12
Answer recommended by Google Cloud Collective

Use a service role key to bypass the security rules; make sure you have a valid service role key.

The key you are using, Deno.env.get("SUPABASE_ANON_KEY"), has anonymous access and will not bypass security rules.

// Service-role client: bypasses row level security, so it must only run server-side.
const supabaseClient = createClient(
  Deno.env.get("SUPABASE_URL") ?? "",
  Deno.env.get("SUPABASE_SERVICE_ROLE_KEY") ?? "",
  { global: { headers: { Authorization: `Bearer ${Deno.env.get("SUPABASE_SERVICE_ROLE_KEY")}` } } }
);

Replace "SUPABASE_SERVICE_ROLE_KEY" with the value of the actual service role key to bypass security rules.


2 Comments

This saved me a lot of time! Hope this is the way to go for authenticating Edge functions and bypassing policies
I'm glad to hear this was helpful for you! 🎉 Yes, this approach is commonly used to authenticate Edge functions effectively while bypassing specific policies when needed. However, it's always important to ensure that bypassing policies aligns with security best practices and doesn't compromise your system's integrity.
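
A sketch of the pattern discussed in this thread, with the caller check a privileged function needs before it touches the service role client; this is an added example, not code from the question or the answer. `create` stands in for supabase-js `createClient` (injected so the code runs without the library), and the `admin` role in `app_metadata` is an assumed convention.

```typescript
// Added example. `create` stands in for supabase-js createClient; the "admin"
// role stored in app_metadata is an assumed convention, not something the page defines.
type SbUser = { id: string; app_metadata?: { role?: string } };
type ClientOptions = {
  global?: { headers: Record<string, string> };
  auth?: { persistSession: boolean; autoRefreshToken: boolean };
};
interface SbClient {
  auth: { getUser(jwt: string): Promise<{ data: { user: SbUser | null }; error: unknown }> };
}
type ClientFactory = (url: string, key: string, options: ClientOptions) => SbClient;
type EnvLookup = (name: string) => string | undefined;

// Fail closed on a missing variable instead of falling back to "".
function requireEnv(env: EnvLookup, name: string): string {
  const value = env(name);
  if (!value) throw new Error(`missing environment variable ${name}`);
  return value;
}

// Acts as the caller: anon key plus the caller's own JWT, so RLS still applies.
function userClient(create: ClientFactory, env: EnvLookup, authorization: string | null): SbClient {
  if (!authorization || !authorization.startsWith("Bearer ")) throw new Error("unauthenticated");
  return create(requireEnv(env, "SUPABASE_URL"), requireEnv(env, "SUPABASE_ANON_KEY"), {
    global: { headers: { Authorization: authorization } },
  });
}

// Bypasses RLS: service role key from the environment, never the caller's header,
// and no session state kept between invocations.
function adminClient(create: ClientFactory, env: EnvLookup): SbClient {
  return create(requireEnv(env, "SUPABASE_URL"), requireEnv(env, "SUPABASE_SERVICE_ROLE_KEY"), {
    auth: { persistSession: false, autoRefreshToken: false },
  });
}

// app_metadata is set server-side; user_metadata is user-editable and must not gate this.
function mayBypassRls(user: SbUser | null): boolean {
  return user !== null && user.app_metadata?.role === "admin";
}

// Verify who is calling first, then hand out the privileged client.
async function adminClientFor(create: ClientFactory, env: EnvLookup, authorization: string | null): Promise<SbClient> {
  const jwt = (authorization ?? "").replace(/^Bearer /, "");
  const { data, error } = await userClient(create, env, authorization).auth.getUser(jwt);
  if (error || !mayBypassRls(data.user)) throw new Error("forbidden");
  return adminClient(create, env);
}
```

In an Edge Function, pass the imported `createClient` and `(n) => Deno.env.get(n)`, and call `adminClientFor(createClient, env, req.headers.get("Authorization"))` before any privileged query.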
