Incorrect authorization on supabase.postgrest #272

Closed
dsnopek opened this issue Sep 16, 2022 · 4 comments
Labels
duplicate This issue or pull request already exists

Comments

@dsnopek

dsnopek commented Sep 16, 2022

After doing:

    supabase.auth.sign_in(email=email, password=password)

... requests for data are still anonymous, rather than authenticated.

For example:

    result = supabase.from_('table').execute()

... will apply the RLS policy with auth.uid() returning NULL.

Inspecting the headers sent, it looks like the 'Authorization' header contains "Bearer" plus my anon key, rather than the JWT access token from authenticating.

If I add this bit of code after supabase.auth.sign_in() it starts working:

    supabase.postgrest.session.headers["Authorization"] = "Bearer " + supabase.auth.session().access_token

Somehow the session data isn't making it from gotrue-py over to postgrest-py?

@anand2312
Contributor

Duplicate of #185
I've gotten a bit busy since the original issue was made, so I cannot make any promises on when this will be implemented by me. Anyone is free to try implementing this; I'd be happy to review any PRs.

@anand2312 anand2312 added the duplicate This issue or pull request already exists label Oct 2, 2022
@digital-codes

RLS still not working. I suspect the issue is related to the following code section in supabase-py/client.py:
https://github.com/supabase-community/supabase-py/blob/develop/supabase/client.py line 200

    def _get_auth_headers(self) -> Dict[str, str]:
        """Helper method to get auth headers."""
        # What's the corresponding method to get the token
        return {
            "apiKey": self.supabase_key,
            "Authorization": f"Bearer {self.supabase_key}",
        }

This sets the bearer token to the api key, which is plain wrong when using authentication tokens ... Any ideas on this?
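An added example, not code from supabase-py or from any commenter: a check of which identity a request's `Authorization` header carries, which is what decides whether RLS sees an anonymous or an authenticated caller. `build_auth_headers` and `request_identity` are hypothetical names, the tokens are constructed samples, and the claim layout (anon key with `role: anon` and no `sub`, access token with `role: authenticated` and the user id in `sub`) is assumed.

```python
import base64
import json
from typing import Dict, Optional


def _b64url(data: dict) -> str:
    raw = json.dumps(data, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build a constructed sample token; the signature is a dummy value."""
    return ".".join([_b64url({"alg": "HS256", "typ": "JWT"}), _b64url(claims), "sig"])


def jwt_claims(token: str) -> dict:
    """Decode the payload for inspection only; this does NOT verify the signature."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def build_auth_headers(api_key: str, access_token: Optional[str] = None) -> Dict[str, str]:
    """Hypothetical helper: bearer is the session JWT when signed in, else the anon key."""
    return {"apiKey": api_key, "Authorization": f"Bearer {access_token or api_key}"}


def request_identity(headers: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Report the role and subject the database would see for these headers."""
    scheme, _, token = headers["Authorization"].partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("Authorization header is not a bearer JWT")
    claims = jwt_claims(token)
    # Assumption: auth.uid() is derived from the 'sub' claim, so no sub means NULL.
    return {"role": claims.get("role"), "sub": claims.get("sub")}


# Constructed sample tokens (not real keys).
ANON_KEY = make_unsigned_jwt({"iss": "supabase", "role": "anon"})
USER_JWT = make_unsigned_jwt({"sub": "user-1234", "role": "authenticated"})

if __name__ == "__main__":
    print(request_identity(build_auth_headers(ANON_KEY)))
    print(request_identity(build_auth_headers(ANON_KEY, USER_JWT)))
```

Running `request_identity` over the headers of a real client session after sign-in shows at a glance whether the anon key is still being sent as the bearer token.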

@J0
Collaborator

J0 commented Jan 23, 2023

Hey @digital-codes,

Thanks for the query!

Supabase introduced the concept of sessions, so on the JS lib the fetch method will now make use of the access token on the session. I'll look into this when a cycle frees up, or if anyone would like to take a stab at this, PRs are welcome!

@J0
Collaborator

J0 commented Jan 23, 2023

Hey team,

Going to close this issue in favour of tracking on #185 which is pinned.

Do feel free to comment here if there are any other questions/concerns though.
Jo

@J0 J0 closed this as completed Jan 23, 2023