Integrating With Supabase Auth
Supabase Edge Functions and Auth.
Edge Functions work seamlessly with Supabase Auth.
Auth context
When a user makes a request to an Edge Function, you can use the Authorization header to set the Auth context in the Supabase client:
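```typescript
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {
  // Read the caller's JWT from the incoming request
  const authHeader = req.headers.get('Authorization')!
  // Create the client per request so it carries this caller's Auth context
  const supabaseClient = createClient(
    Deno.env.get('SUPABASE_URL') ?? '',
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
    { global: { headers: { Authorization: authHeader } } }
  )

  // ... use supabaseClient here; a handler must return a Response
  return new Response('ok')
})
```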
Importantly, this is done inside the Deno.serve() callback argument, so that the Authorization header is set for each request.
Fetching the user
After initializing a Supabase client with the Auth context, you can use getUser() to fetch the user object, and run queries in the context of the user with Row Level Security (RLS) policies enforced.
```typescript
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {

  const supabaseClient = createClient(
    Deno.env.get('SUPABASE_URL') ?? '',
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
    { global: { headers: { Authorization: req.headers.get('Authorization')! } } }
  )

  // Get the session or user object
  const { data } = await supabaseClient.auth.getUser()
  const user = data.user

  return new Response(JSON.stringify({ user }), {
    headers: { 'Content-Type': 'application/json' },
    status: 200,
  })

})
```
Row Level Security
After initializing a Supabase client with the Auth context, all queries will be executed with the context of the user. For database queries, this means Row Level Security will be enforced.
```typescript
import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {

  const supabaseClient = createClient(
    Deno.env.get('SUPABASE_URL') ?? '',
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
    { global: { headers: { Authorization: req.headers.get('Authorization')! } } }
  )

  // Database queries will have RLS policies enforced
  const { data, error } = await supabaseClient.from('profiles').select('*')

  return new Response(JSON.stringify({ data }), {
    headers: { 'Content-Type': 'application/json' },
    status: 200,
  })

})
```
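The snippets above pass the header through with a non-null assertion and do not inspect the error returned by getUser(). One way to fail closed with a 401 before any query runs, as an added example that is not part of the Supabase documentation; bearerHeader, authenticate, AuthClient and AuthResult are hypothetical names, and AuthClient models only the auth.getUser() call shown on this page:

```typescript
// Added example, not from the Supabase docs. `bearerHeader`, `authenticate`,
// `AuthClient` and `AuthResult` are hypothetical names; `AuthClient` mirrors only
// the `auth.getUser()` call used on this page.
type User = { id: string }
type AuthClient = {
  auth: { getUser(): Promise<{ data: { user: User | null }; error: unknown }> }
}
type AuthResult<C> =
  | { ok: true; user: User; client: C }
  | { ok: false; status: 401; reason: string }

// Accept only a well-formed "Bearer <token>" header; anything else is anonymous.
function bearerHeader(header: string | null): string | null {
  if (!header) return null
  const match = /^Bearer\s+(\S+)$/i.exec(header.trim())
  return match ? `Bearer ${match[1]}` : null
}

// Build the per-request client from the caller's header, then confirm the token
// resolves to a user before any query runs.
async function authenticate<C extends AuthClient>(
  header: string | null,
  makeClient: (authorization: string) => C,
): Promise<AuthResult<C>> {
  const authorization = bearerHeader(header)
  if (!authorization) return { ok: false, status: 401, reason: 'missing bearer token' }
  const client = makeClient(authorization) // one client per request, never shared
  const { data, error } = await client.auth.getUser()
  if (error || !data.user) return { ok: false, status: 401, reason: 'invalid token' }
  return { ok: true, user: data.user, client }
}

// Wiring inside an Edge Function, using the same calls as the snippets above:
//
// Deno.serve(async (req: Request) => {
//   const auth = await authenticate(req.headers.get('Authorization'), (authorization) =>
//     createClient(Deno.env.get('SUPABASE_URL') ?? '', Deno.env.get('SUPABASE_ANON_KEY') ?? '', {
//       global: { headers: { Authorization: authorization } },
//     }))
//   if (!auth.ok) {
//     return new Response(JSON.stringify({ error: auth.reason }), { status: auth.status })
//   }
//   const { data } = await auth.client.from('profiles').select('*') // RLS applies
//   return new Response(JSON.stringify({ data }), { status: 200 })
// })
```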
Example code
See a full example on GitHub.