feat: add third-party auth support #1004
Conversation
Pull Request Test Coverage Report for Build 8509611266Details
💛 - Coveralls |
|
Correct me if I'm wrong, but couldn't this also be used to authenticate supabase clients, for RLS, during API requests? This assumes a Supabase JWT is being used as the API key. So instead of adding the JWT to the global header, you'd use /* Some API endpoint that your user hits. */
const jwt = 'get-from-request-authorization-header'
const supabase = createClient(
env.SUPABASE_URL,
env.SUPABASE_ANON_KEY, {
+ accessToken: async () => { return `${jwt}` }
- global: {
- headers: {
- Authorization: `Bearer ${jwt}`
- }
- },
- auth: {
- persistSession: false,
- detectSessionInUrl: false,
- autoRefreshToken: false
- }
})
const { data, error } = await supabase.from('table').select('column') |
Absolutely. No more needing to patch the |
hf
force-pushed
the
hf/add-third-party-auth-support
branch
from
10170f4
to
c6fbbd1
Compare
| this.accessToken = settings.accessToken | ||
|
|
||
| this.auth = new Proxy<SupabaseAuthClient>({} as any, { | ||
| get: (prop) => { | ||
| throw new Error( | ||
| `@supabase/supabase-js: Supabase Client is configured with the accessToken option, accessing supabase.auth.${prop} is not possible` | ||
| ) | ||
| }, | ||
| }) |
There was a problem hiding this comment.
@hf why would we not want folks to access this if the access token is set?
There was a problem hiding this comment.
is it because we want to prevent supabase auth from overriding the access token set?
Adds support for the
accessTokenoption on the Supabase client which can be used to provide a third-party authentication (e.g. Auth0, Clerk, Firebase Auth, ...) access token or ID token to be used instead of Supabase Auth.When set,
supabase.auth.xyzcannot be used and an error will be thrown.