I just wanted to know how can I change my service role key,if its accidentally leaked?

This seems to be an issue, even saw the issue on the happy hour stream last week. Any update on if this is being fixed? Right now its basically unusable in react.

I figured I'd give supabase a try locally. I have the following code:

<script src="https://cdn.jsdelivr.net/npm/@supabase/supabase-js"></script>

email
<input type="text" id="email">
<button onclick="signInWithEmail()">signin</button>

<script>
const SUPABASE_KEY = 'xxx'
const SUPABASE_URL = "yyy"
const client = supabase.createClient(SUPABASE_URL, SUPABASE_KEY);

async function signInWithEmail() {
  console.log(`Trying to log in ${document.getElementById("email").value}`)
  const { user, error } = await client.auth.signIn({
    email: document.getElementById("email").value
  })
  console.log(user);
  console.log(error);
}
</script>

This is hosted on localhost:8000 and supabase is configured to send a magic link with a re-direct. The redirect works ... I briefly see extra info in the URL, but how does the user actually get authenticated? The docs (https://supabase.com/docs/guides/auth/auth-magic-link) suggest that I merely need to call

.auth.signIn

but that's the same method that I used to send the email? Is there an example of basic email authentication that uses vanilla JS with supabase hosted via CDN.

Hi, I recently changed a certain relationship in my database. When I tried to grab data from the database, it said "If a new relationship was created, try reloading the schema cache." How can I go about reloading the schema cache?

When I invite a user to my project using the web UI, they get an invalid link referencing localhost. Is there any fix I can do on my side?

Hi, I'm trying to import typescript types using sudo supabase gen types typescript --db-url postgres://.... > database.types.ts however I'm getting "Error: error running container" Does anyone have any ideas?

Whenever I use the codegen to create the types from the queries it does not generate the properties with [Int] for the update type: For example the type "Profile" is correctly generated as:

type profiles {
    birthday: Date
    can_be_roommate: Boolean
    created_at: Datetime
    description: String
    display_name: String!
    employment: Int
    first_name: String!
    id: BigInt!
    last_name: String!
    search_as: Int
    tenant_attributes: [Int]
    user_id: UUID!
}

But its mutation type is missing the tenant_attributes input profilesUpdateInput { birthday: Date can_be_roommate: Boolean created_at: Datetime description: String display_name: String employment: Int first_name: String last_name: String search_as: Int user_id: UUID } Error: × GraphQL Document Validation failed with 1 errors; Error 0: GraphQLDocumentError: Field "tenant_attributes" is not defined by type "profilesUpdateInput".

Is there a way to get the Google Image URL when a user logs in with Google, and save it in the photo_url row in the database?

Most of the documentation seems to assume you're using supabase on both browser client and api side. We have a custom GQL api that needs to get the users JWT from Authorization header and create a client as that user for the duration of that request. Attempting to use this in my request context (ApolloGQL server)

export const getClient = (token?: string): SupabaseClient => {
  return createClient(SUPABASE_API_URL, token || SUPABASE_ANON_TOKEN);
};

This doesn't seem to create me a client authorized as that user (token is the JWT from Authorization header)

supabase.auth.user()

is null but tells me I should use

auth.api.getUserByCookie()

to do this in the server context. But I'm not using a cookie or any type of session management

getting compiler errors when deploying that dont show locally, my

deno.json

looks like this: > { > "compilerOptions": { > "allowJs": true, > "esModuleInterop": true, > "experimentalDecorators": true, > "inlineSourceMap": true, > "isolatedModules": true, > "jsx": "react", > "lib": ["deno.window"], > "module": "esnext", > "moduleDetection": "force", > "target": "esnext", > "useDefineForClassFields": true, > "strictNullChecks": false, > "strictFunctionTypes": false, > "noUncheckedIndexedAccess": true > } > } >

There doesn't seem to be up to date documentation describing how to use the interface portion of the database functions. What are we expected to write in the definition? Is it the full:

create function hello_world()
returns text
language plpgsql
security definer set search_path = public
as $$
begin
  select 'hello world';
end;
$$;

and if so what's the relationship between the parameters defined above via GUI and what we write in the function?

Hi All This is my first post here. I am trying to use the python client to query one of my db tables. All works fine until I try to use where. Like this. data = supabase.table(“atable").select("*").where(something=“something”).execute() I get an error AttributeError: 'SyncSelectRequestBuilder' object has no attribute 'where' Is there another operator I can use? Thanks

I have a table named "Recipes" in my public schema, however I only want logged in users to be able to access the data. So I created a RLS policy as seen below. However as soon as I activate it, I can no longer access the data through the js api (v2). It returns an empty array.

supabase.from("Recipes").select()

Looking at my session from the browser, the access token says I'm an authenticated user (

"aud": "authenticated"

). The

auth.users

table agrees. What am I doing wrong here?

It is super weird, yesterday my code for user signup and signin worked just fine. Without changes on my code today, I am not getting the

user

and the

session

back, but an error:

{
  "data": null,
  "user": null,
  "session": null,
  "error": {
    "message": "Request Failed"
  }
}

All requests return 200 and I can't find something unusual in the API or Database logs. I am using the ANON key. GET requests to read data work just fine. Does anyone have an idea, what could have been responsible for this error? Thanks in advance! 🙏

Hey guys, I am currently working on an project where i have a objectA which consists of many objectB´s. A basic one to many relationship. Here is some pseudo sql code of the table:

sql
create table objectA ( id )
create table objectB ( id, objectA_id references objectA id)

and i to create those types with the swagger codegen: https://pub.dev/packages/swagger_dart_code_generator (please do not mind syntax. the classes have the json serialization annotation correctly)

dart
class ObjectA() {
  id,
  List<ObjectB> objectBs,
}
class ObjectB() {
  id
}

but the codegen is generating smth like this

dart
class ObjectA() {
  id,
}
class ObjectB() {
  id,
  objectA_ID,
}

which means an postgrest call in dart like this wouldn´t work because objectA.fromJson never reads the value ObjectB:

dart
final response = await _supabaseClient
          .from('objectA')
          .select(
            '''
            *,
            objectB (
              *
            )
            ''',
          )
          .eq('id', id)
          .single()
          .execute();
final data = response.data as Map<String, dynamic>;
return ObjectA.fromJson(data);

any reccomendations or best practices on how to solve this?

I wrote an insert function to insert new records into supabase but it's not showing up in the database. It is however coming up in the front-end and I'm getting a response. Would anyone be able to help figure out the issue why it's not updating on supabase?

Hi, I have a table called

Recipes

in which I created a column

image_id

which is a foreign key to an image id in my public bucket

recipe_images

. I would think that with the js API I could get the image with

const { data, error } = await supabase.from("Recipes").select("recipe_images(*)")

. However this results in

Could not find a relationship between 'Recipes' and 'recipe_images' in the schema cache

I can't find the correct way in the docs, does someone know how to do this?

const supabase = createClient(
  'process.env.DB_URL,
  process.env.SUPABASE_SECRET_KEY
)
const { data, error } = await supabase
  .from('user_tokens')
  .insert([{ token_read_key: code, token: session.access_token }])

error: new row violates row-level security policy for table

Any idea why this happens?

Right now, I have two tables. `chat`: a table that has chat messages with data like the contents and email of the sender for each message, with a foreign key relation based on the email `schoology_users`: a table that has information from an external service, like oauth keys, and the name and profile picture of the person In order to display the chat message, I use something like

js
  supabase
    .from("chat")
    .select(
      `
      *,
      schoology_users (
        name,
        profile_picture
      )
      `
    )

I don't want to allow people to view the auth keys for each person anonymously, but the query doesn't work with the anon key once I enable RLS for

schoology_users

. What should I do here? (Also feel free to suggest a better title and/or tags, could be my actual solution would be different from what I think)

Hi there, I've set up a ReactJS app and I'm trying to implement discord auth. When trying to login I get send to discord page. Because of this the page unloads and I dont get my user into my data variable.

const data = await supabase.auth.getUser();

Any way to for instance open the discord auth page in another tab of window?

When I try to change my id column type, the supabase give me a error

failed to update pg.columns with the given ID: cannot cast type bigint to uuid

how can I fix it?

I think I may have to stick with doing this as two tables but on the off chance I'm just being dense about RLS syntax. I am experimenting with RLS using a use case of purely private rooms. I want to set RLS up so that a user can only see information for rooms they created/own or are a member of and to be able to see the other members of the room. There is a rooms table, a profiles table, and a room members table that is just FK to the room ID and the profile ID. I can't seem to figure out how to make it so that the room members table will only allow visibility into rows that correspond to rooms that the user is a member of. It creates an infinite recursion since it requires queries on the table itself. My solution is to have a "my rooms" table and a "room members" table which are essentially the same data with different RLS policies. Then the "Room Members" rule can reference the "my room" data in its RLS which breaks the recursion issue. It feels janky so I figured I'd post it here in case I'm missing something obvious.

Hello, I want to filter by names and I don't want to search for names by checking if a name contains the search string (in my case I currently use

.ilike()

), but I want to search by checking if the text starts with the specified string. Example:

Some names:
- John
- Marry
- Joe

If I search for

Jo

, John and Joe should be returned.

In my app I create the user on the server because I end up creating a stripe user and default free subscription along the way. I want to incorporate Google SSO but its becoming quite tedious since there is no way from separating the sign in vs sign up actions.

I am reading the docs up and down, but I cannot find it, how do I pass the auth to the API request? Let's say I have a table where INSERT is for Authorized only.

const { data, error } = await supabase
  .from('Contracts')
  .insert([
    { some_column: 'someValue', other_column: 'otherValue' },
  ])

This will throw:

{code:"42501"
 message: "new row violates row-level security       policy for table \"Contracts\""}

Ofc which it should. Pls, help. EDIT: Using:

"@supabase/supabase-js": "^1.35.6",
 "@supabase/ui": "^0.36.5",

& NextJS

It seems like twitter (and other social) login doesn't work with supabase if a user is missing an email address. I think these issues confirm it: - https://github.com/supabase/supabase/issues/2853 - https://github.com/supabase/gotrue/issues/214 And the work to fix the issue is being stalled: https://github.com/supabase/gotrue/pull/414 Am I up to date on this topic? I'm not sure how many users would churn if I redirect those users back to twitter, saying they need to add email address there first. Is there any workaround?

I see that supabase studio only give us the dashboard to create our tables, storage, etc, etc. But it does not however give us the UI to put the dashboard behind an authentication UI. I am looking for guidance on best practices, thanks!

I have the following scenario: userA and userB each have the ability to upload files to a specific folder path.

((bucket_id = 'contract-attachments'::text) AND ((uid())::text = (storage.foldername(name))[2]))

what I'm struggling to figure out at the moment, is how to write a policy that would allow both users to select/download each other attachments. I also wonder if there's a way for me to rearchitect these file paths to make the problem simpler

How can we integrate the supabase authentication in Kotlin?

How can we create a one-to-one relationship in supbase?