2

I'm coming from Firebase Function... Where I can use the Admin Library to access database from the Function bypassing all security rules? On supabase I didn't yet find a way to do that, the documentation is very scarce. Now I'm using this code to access the database from function as the user who requested the function:

const supabaseClient = createClient(
      Deno.env.get("SUPABASE_URL") ?? "",
      Deno.env.get("SUPABASE_ANON_KEY") ?? "",
      { global: { headers: { Authorization: req.headers.get("Authorization")! } } }
    );

But for one of my function, I have to access bypassing all policies, as the function was "admin", and when I remove de third params line in this code (Which was the only vague explanation how to do that I found) I get the error:

AuthApiError: invalid claim: missing sub claim at ...

I also tried change the SUPABASE_ANON_KEY to SUPABASE_SERVICE_ROLE_KEY, same error.

Bergi
  • 630,263
  • 148
  • 957
  • 1,375
Jackson D
  • 130
  • 6

1 Answers1

1

Use a service role key to bypass the security rules, make sure you have a valid service key role .

The key you are using Deno.env.get("SUPABASE_ANON_KEY") ?? it has anonymous access and will not bypass security rules.

const supabaseClient = createClient(
Deno.env.get("SUPABASE_URL") ?? "",
Deno.env.get("SUPABASE_SERVICE_ROLE_KEY") ?? "",
Deno.env.get("SUPABASE_SERVICE_ROLE_KEY") ?? "",
{ global: { headers: { Authorization: `Bearer ${Deno.env.get("SUPABASE_SERVICE_ROLE_KEY")}` } } });

Replace the "SUPABASE_SERVICE_ROLE_KEY" with value of actual service role key to to bypass security rules.

Robina Mirbahar
  • 413
  • 1
  • 11