Realtime RLS does not work if I don't explicitly setAuth #1304
Description
Bug report
Describe the bug
I have valid session in supabase.auth, however if I subscribe to a channel, I'm not getting any data, because of RLS.
If I use supabase.realtime.setAuth with the access token, that has already been in the auth.session, the data starts coming.
To Reproduce
- create table
public.testwith column uid (so the RLS can be set so users can only read their data) - allow realtime
- set auth policy so that users can only read their data
- sign in user in your codebase, so that you have valid
supabase.auth.getSession
const channel = supabase.channel("premium").on(
'postgres_changes',
{ event: 'UPDATE', schema: 'public', table: 'test'},
(payload) => {
console.log("Premium change payload", payload);
}
).subscribe((status, err) => {
if (err) {
console.error("Error subscribing to premium channel", err);
}
console.log("Subscription status", status);
})this code won't reliably receive updates for the signed in user in the public.test table. However if we add something like this, the data starts coming.
const { data, error } = await supabase.auth.getSession();
if (error || !data) {
console.error("Error getting session", error);
return;
}
supabase.realtime.setAuth(data.session.access_token);Expected behavior
I was expecting that the session is propagated automatically. I only found this reference in documentation, but that's referring to custom tokens, but this happened for regular supabase sign in without no custom tokens. So either the auth should be propagated to realtime automatically or add mention do documentation to always use setAuth for realtime.
System information
- OS: macOS
- Browser: electron
- Version of supabase-js: [2.45.2]
- Version of Node.js: [16]
Additional context
Add any other context about the problem here.