Integrating With Supabase Auth
Supabase Edge Functions and Auth.
Edge Functions work seamlessly with Supabase Auth.
Auth context
When a user makes a request to an Edge Function, you can use the Authorization header to set the Auth context in the Supabase client:
_12import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'_12_12Deno.serve(async (req: Request) => {_12_12 const authHeader = req.headers.get('Authorization')!_12 const supabaseClient = createClient(_12 Deno.env.get('SUPABASE_URL') ?? '',_12 Deno.env.get('SUPABASE_ANON_KEY') ?? '',_12 { global: { headers: { Authorization: authHeader } } }_12 )_12_12})
Importantly, this is done inside the Deno.serve()
callback argument, so that the Authorization header is set for each request.
Fetching the user
After initializing a Supabase client with the Auth context, you can use getUser()
to fetch the user object, and run queries in the context of the user with Row Level Security (RLS) policies enforced.
_21import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'_21_21Deno.serve(async (req: Request) => {_21_21 const supabaseClient = createClient(_21 Deno.env.get('SUPABASE_URL') ?? '',_21 Deno.env.get('SUPABASE_ANON_KEY') ?? '',_21 )_21_21 // Get the session or user object_21 const authHeader = req.headers.get('Authorization')!_21 const token = authHeader.replace('Bearer ', '')_21 const { data } = await supabaseClient.auth.getUser(token)_21 const user = data.user_21_21 return new Response(JSON.stringify({ user }), {_21 headers: { 'Content-Type': 'application/json' },_21 status: 200,_21 })_21_21})
Row Level Security
After initializing a Supabase client with the Auth context, all queries will be executed with the context of the user. For database queries, this means Row Level Security will be enforced.
_19import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'_19_19Deno.serve(async (req: Request) => {_19_19 const supabaseClient = createClient(_19 Deno.env.get('SUPABASE_URL') ?? '',_19 Deno.env.get('SUPABASE_ANON_KEY') ?? '',_19 { global: { headers: { Authorization: req.headers.get('Authorization')! } } }_19 )_19_19 // Database queries will have RLS policies enforced_19 const { data, error } = await supabaseClient.from('profiles').select('*')_19_19 return new Response(JSON.stringify({ data }), {_19 headers: { 'Content-Type': 'application/json' },_19 status: 200,_19 })_19_19})
Example code
See a full example on GitHub.