Hi, my server-side client is set with

flowType: "pkce"

but auth flow doesn't seem to be working in local auth:

signInWithOtp

sends the email but the auth API redirects me to

#error=invalid_request&error_code=400&error_description=Verify+requires+a+token

, which is probably an error from the

implicit

flow. Did I miss something, like upgrading something manually? Is the CLI actually ready for PKCE? Thanks a lot and keep up with the good work! 🙂👍 CLI: 1.50.14 supabase-js: 2.21.0 NB: I'm calling

signInWithOtp

from the server-side client.

I have subscriptions set up via PayPal for my app and I'm trying to make an edge function that can handle any events such as cancellations, failed payments, etc. What would be the URL to provide PayPal so they can send an event that my Edge Function can listen for? I tried ``https://[MY_PROJECT].functions.supabase.co/listen-paypal`` to no avail. This reference seems helpful but doesn't cover the basics of how to actually receive the event ``https://github.com/supabase/supabase/blob/master/examples/edge-functions/supabase/functions/stripe-webhooks/index.ts``

I came across an issue with social login. I am trying implement authentication to Notion by using Supabase in a browser extension. After authentication, I receive

access_token

, but when I use it in Notion client I am getting an error: "API token is invalid." Here https://github.com/orgs/supabase/discussions/5787#discussioncomment-5470051 is how I implemented authentication flow: When `onAuthStateChange`'s callback occurs on

SIGNED_IN

event, I got an

access_token

and set up

notionClient

. The problem is that if I use the

access_token

, I get the error: "API token is invalid." I got this error if I call

GET_NOTION_PAGE

in my code. I also tried to use the

access_token

directly through rest api call and i am getting the same error: https://cdn.discordapp.com/attachments/1100798506333118666/1100798507817898007/supabase.ts https://cdn.discordapp.com/attachments/1100798506333118666/1100798508207984770/background.ts

It works fine when SSL is not enabled. Direct connection to the Postgres database works fine with and without SSL. Is this supported? Im using the CA certificate available for download in the dashboard.

I'm getting an error following the most recent migration guide trying to get a dump of my db to build a new production server.

Error: cannot parse `db.${db-code}.supabase.co`: failed to parse as DSN (invalid dsn)

This happens with this command set on all three commands

supabase db dump --db-url "$OLD_DB_URL" -f roles.sql --role-only
supabase db dump --db-url "$OLD_DB_URL" -f schema.sql
supabase db dump --db-url "$OLD_DB_URL" -f data.sql --data-only

I stored the url as a variable with

OLD_DB_URL="db.${db-code}.supabase.co"

I've tried variations with

https://

as a part of the url to no avail. Am I supposed to be formatting this url a certain way? The docs say DB Url, but DSN's are typically a URI created with a

postgresql

prefix on the URI with some other jutsu inside of it.

Hi , im trying to update an image in a bucket, using rest api , for upload it works fine but when I try to update the image throw that error.

CREATE POLICY "Enable insert for authenticated users only" 
ON "storage"."objects"
AS PERMISSIVE FOR INSERT
TO authenticated
WITH CHECK (true)

CREATE POLICY "Enable update for authenticated users only" 
ON "storage"."objects"
AS PERMISSIVE FOR UPDATE
TO authenticated
USING (true)
WITH CHECK (true)

Hey all, I'm trying to invoke an edge-function from the JS SDK but any custom headers I set do not seem to make it through. For example:

typescript
const creditCheck = await supbase.functions.invoke(
            'handle-event',
            {
                method: 'POST', body: req.body, headers: {
                    'user-agent': req.headers['user-agent'] as string,
                    'test': 'testing',
                }
            }
        );

In this example,

user-agent

is coming through as expected, but

test

does not. Is there some kind of config I need to set for allowed header values?

Hello, i'm new just learn supabase. Previously i always built app using firebase, but since it's become more expensive as the app grows, i want to try self-hosted supabase. But the problem is i still can't get used to querying the data, especially when trying to do something like this on supabase

query(chatRoomsRef, where("userIds", "array-contains", currentUserUid));

that's how i did on firebase, i've tried

contains

and

containedBy

but i need to specify all of the array values, is there a way to achieve this? also i need to listen to the data in realtime

Hey I know this outside the scope of supabase but was wondering if there is somewhere I can allow certain IPs to connect to our DB? We are trying to setup Retool w/ our supabase DB, but its saying their IP is getting denied and we should ensure that we allow their IP's to connect. Is there somewhere we can do that in supabase?

I have a Postgres function called calculate_report() that do some heavy calculation. How can I make sure anon and authenticated users can not call function from client side?

Hello, I am using Draftbit and Supabase to create a social media app and I am struggling with uploading images to my buckets. I currently have two buckets that are public and with no policies. One of the buckets is for avatars and the other is for posts. The API that I am using is https://[Reference ID].supabase.co/storage/v1. I have tried a post request with it but it gives me an error message. Is there a better approach to uploading an image?

Hello all! I'm trying to write a supabase query with the JavaScript library that searches using a query string. For a table "appointments" with a field "title" and a foreign key constraint field "service" to the "services" table, it should return all appointments whose "title" field or "service.name" field is ilike the query string. I know the structure of the "or" query builder is something like

.or("title.ilike.value, ...")

so to query the foreign key I tried

.or("title.ilike.value,service.name.ilike.value")

but this can't be parsed, I'm guessing because the extra period in "service.name". How can I structure this "or" properly? Do I have to use an RPC for this or is it possible through the JS library? Any and all help is appreciated. Thanks!

Hey guys, I want to build an app that allows the users to evaluate a movie, grocery, ... My first idea was to create a column for "ratings". In this column the rows (items/movies/...) have an array with the size of 2 (thumbs up or down) or 5 (stars). Each index is a bin for the users that voted i.e.: Index 0 stands for 0 stars and all the user id's are listed that gave this rating. Always requesting all the users and all the different options are a lot of data. Also to add a vote I would have to pull the array, add the vote and then update the array. I also read that this is not the "supabase kinda way". Maybe you can help me with that? What would be a good data type? Should I use a schema for all the items and then a table for each item and 5 rows for each star? Thanks ahead!

I'm really trying hard to setup a great development pipeline of local -> dev -> production and really having trouble understanding some of the local development features. Currently I'm trying to understand the distinction between when someone populates data in the seed.sql file to create persistant data when developing, and when someone runs

supabase stop --backup

. My understanding was that

supabase stop --backup

would save the data within the backend and re populate tables when booting back up, but this has NOT been my experience. Does anyone understand why?

I want to prevent account sharing in my nextjs website. so the logic I am trying to implement is to kill any active session to sign out all other user sessions except the current one. But I wasn't able to find the right way to do this. Also I am open to any other ideas. However i don't want to use MFA / or using a non password based auth.

hi, im new to SQL i'm trying to allow anon updates to rows with the RLS being

CREATE POLICY "policy_name_"
ON public.products
FOR UPDATE
TO 'anon'
USING (
true
);

and my with check expression is

WITH CHECK (true);

I have the anon role and UPDATE operation ticked. But it returns error:

Error adding policy: failed to create pg.policies: syntax error at or near "CREATE"

how should i fix this, thanks

Hi all! What I want to do is set up a client-side authenticated connection to a realtime server listening for postgres changes, and I've narrowed the bug down to two potential places. For context, the realtime listening works when RLS is disabled, and when an RLS policy is enabled for anon users (USING true; WITH CHECK true). However, the desired end state is that only auth'd, not anon, users can listen for changes on rows that they are the owner of. In our

projects

table there is a column named

owner_auth_id

of type

uuid

that references

auth.users.id

. So the RLS policy should look like

USING (auth.uid() = projects.owner_auth_id)

correct? The other part where the bug may exist is how we set the "auth" part in the client side supabase client. Do we have to do anything special there after the user signs in? I tried adding a

supabase.auth.setSession()

call but that didn't seem to fix it. Thanks in advance!

Here's what I tried so far: * current_setting, barebones, which is a pain to deal with, because it only stores strings, and I want to store numbers sometimes, so I need to cast them back, making the tests harder to read. * I can use functions to return const values, but it's too much code for a simple purpose, but so far this is the only doable way. * I also tried to make the tests run inside a test, so I can

DECLARE

but that didn't work for me

I'm currently using createServerSupabaseClient and supabase.auth.getSession() always returns null on the first try only. Upon refreshing the page, it is no longer null. I'm using the supabase auth helpers and users are signing in via supabase auth ui before getting redirected to the affected page via the redirectTo param. This is happening within getServerSideProps (nextjs)

If a user login from different devices/browsers. Could he manage his session e.g. logout from all/any other his devices? Dose Supabase support this natively? If so, I could save my life🥳

Websocket forwarding behind Traefik - I am trying to get the self hosted samples running in a PoC at work. It seems I can't do basic plumbing here. Anyone have any suggestions on CLI / Curl I can use to verify basic portions of the app are running. I have to make it work behind a Traefik reverse proxy running 2.6.x of Traefik. My requests to upgrade to a ws:// appear to be erroring out so I'm trying to brainstorm ways to debug this.

Is there an SDK for Ruby/Rails?

Create a customer table and I'm testing it through postman, how to make the supabse return the id of the newly created customer

I'm working on a new db migration, in which I create a function and a trigger that calls that function whenever a new row is inserted in a table called

public.profiles

, creates a corresponding row in

public.calendars

. Locally (

supabase db reset

) this works fine: after executing

seed.sql

I see the new row in

public.calendars

. When I deploy (

supabase db push

), it deploys successfully, but if I try to create a new user (which creates a new row in

auth.user

and using the tutorial's user management sql pack, creates a row in

public.profiles

), I get back

function sync_calendars_with_new_user_profile(public.profiles) does not exist

. When I inspect the GUI, I can see the function is defined (see photos), so it looks like everything should work. I'm really at a loss at how to debug this further. Has anyone run into this? Here's the code I have defined:

CREATE OR REPLACE FUNCTION sync_calendars_with_new_user_profile(NEW_USER public.profiles) RETURNS void AS $$
DECLARE 
    title text;
BEGIN
  SELECT NEW_USER.full_name || '''' || 's calendar' INTO title;
  INSERT INTO public.calendars (id, user_id, is_private, title)
  VALUES (gen_random_uuid(), NEW_USER.id, FALSE, title);
  RETURN;
END;
$$ LANGUAGE plpgsql;

CREATE OR REPLACE FUNCTION sync_calendars_with_new_user_profile_trigger_function() RETURNS trigger AS $$
BEGIN
  PERFORM sync_calendars_with_new_user_profile(NEW);
  RETURN NULL;
END;
$$ LANGUAGE plpgsql;

CREATE OR REPLACE TRIGGER sync_calendars_with_new_user_profile_trigger AFTER INSERT ON public.profiles
FOR EACH ROW EXECUTE FUNCTION sync_calendars_with_new_user_profile_trigger_function();

And here's my `seed.sql`:

INSERT INTO auth.users (id, email, raw_user_meta_data)
  VALUES (gen_random_uuid(), 'foo@gmail.com', '{"full_name": "Foo Bar", "avatar_url": "www.google.com"}');

(Just a reminder: there's another trigger that for each new row in

auth.users

creates a new row in

public.profiles

, that's an intermediate step).

I'm currently using Supabase's storage to store images, and have used Supabase's postgres database to store the image's path in the bucket, as well as some image metadata I need to make my app work. Within my app, I would get a random row from my database, then using the path, I would use getPublicUrl. However, there is a pretty large delay before the image is displayed. How could I reduce the load time for displaying images when using Supabase? Thank you!

I've spent hours searching and feel like I've tried everything. I have a simple RPC call to increment a column but get this error.

create function increment_credits (value int, profileid uuid) 
returns void as
$$
  update profiles 
  set credits_used = credits_used + value
  where id = profileid
$$ 
language sql volatile;

I tried adding

security definer
set search_path = public

but no luck. Can anyone nudge me in the right direction? Thank you!

Got the following sveltekit webhook:

js
import Stripe from 'stripe';
import { error, json } from '@sveltejs/kit';
import { env } from '$env/dynamic/private';
import { supabase } from '$auth/supabase.js';

const stripe = new Stripe(env.SECRET_STRIPE_TEST_KEY)

export async function POST({ request }) {

  const body = await request.text()

  const signature = request.headers.get('stripe-signature')

  try {
    event = stripe.webhooks.constructEvent(body, signature, env.SECRET_STRIPE_TEST_WEBHOOK)
  } catch (err) {
    console.warn('⚠️ Webhook signature verification failed.', err.message)
    throw error(400, 'Invalid request')
  }

  if (event.type === 'checkout.session.completed') {

    const checkoutSession = event.data.object;
    const user_id = checkoutSession.metadata.user_id;
    const customer_id = checkoutSession.customer;

    const { data, error } = await supabase
      .from('members')
      .update({ customer_id: customer_id })
      .eq('id', user_id)
      .select();

    if (error) {
      console.error(error);
    } else {
      console.log('Updated Supabase data:', data);
    }
    
  }

  return json()
}

...and everything is working from stripe and sveltekit, but the 'members' table is not being updated with the stripe 'customer_id'... but there are no errors that I can find... it just... does't seem to work... not sure what I'm missing...

Hi all, I've been having a ton of fun with Next.js + Supabase and recently started playing around with the App layout which is super cool (I love the layouts/templates feature!) One of my hobby projects is using supabase for database and auth, and so it follows also that I'm using the client to fetch data. My current understanding is that with Next 13 we are encouraged to use the fetch API, and wherever in the component tree we need data, we just fetch it (rather than prop drilling) and Next takes care of de-duping. Is this correct? However, client libraries like supabase are not using this api (yet??), so it is my understanding that we create a single utility function for each query (let's say, a query to get the current session) and wrap it with the cache function, and then we can call it wherever we need it? My problem is that for a lot of data, it seems a ton easier just to prop drill. Rather than set up a useEffect and call the utility function and store the result in state over and over for each component. I'm probably totally misunderstanding this and am mostly just asking for clarity. Another subject I'm looking for clarity on is again working with supabase and handling the 'browser client' and 'server client'. I personally have enjoyed instantiating a single server client using the secret_token so that I have full admin priveleges on server side, and then creating a single browser client and passing cookies to handle auth. Is there anything wrong with this method? So to summarize my questions: 1. Prop drilling vs Fetching in each component? Create server client with secret token or with users cookie middleware with (next_auth_helper) I probably am misunderstanding everything so please be patient and thanks for your time 🙂

I'm trying to create a password-reset page, but when I actually submit a password reset the page simply reloads and nothing happens. No console logs. Not sure where to start, but here is my code https://pastebin.com/Jg7Qbq5Y . Any suggestions would be appricaited 🙏 Using nextjs 13 (not app folder)

Ive added autoRefreshToken at config, but my token is expiring but not auto refreshing, hou could i do it?