https://github.com/supabase/supabase/discussions/9487 When I log in to supabase.com with my github ID, I get the following error on https://app.supabase.com/# console. 1. UserObject missing! You should pass a UserObject to getValue(), in order to make targeting work properly. Read more: https://configcat.com/docs/advanced/user-object 2. Request URL: https://api.supabase.io/platform/profile Request Method: GET Status Code: 409 Response : {"message":"Failed to update user's profile","errorEventId":"e14bed5e74e7435b83ba5e3c57176c77"} in webpack://_N_E/node_modules/@sentry/utils/esm/instrument.js so, am i blocked? or have some problem? Can someone point me in the right direction? Thanks! 😄

js
{
  data: { user: null },
  error: AuthApiError: Internal server error
      at C:\Users\Riot\Documents\Project\node_modules\@supabase\gotrue-js\dist\main\lib\fetch.js:41:20
      at runMicrotasks (<anonymous>)
      at processTicksAndRejections (node:internal/process/task_queues:96:5) {
    __isAuthError: true,
    status: 500
  }
}

I get this error when I sign in + No cookies are set in the browser

Is it possible to create an rpc/database function in a private schema but call it from an edge function (using the service role in the edge function, which apparently is safe according to the docs)? Or would a private schema be off limits to the edge functions regardless of using the service role? Basically I have an edge function being called by pgcron and I will need to do a table insert – but I won't have an authed user to do RLS policy on as it's a shared table and no one really owns the rows so to speak anyway. My edge function is largely safe from abuse because you'll need a valid access token for a third-party API that it chats to anyway, so it bombs out immediately if I can't reach that third-party API. But, I have an RPC function that does the actual insert and is called by the edge function above (it does some checks and balances before inserting, hence the function and not an api insert). This currently works great but it's technically open to abuse because: 1. My Vue SPA app elsewhere leaks my anon key and url if you know where to look 2. RLS is on the table I'm inserting to stop it showing in the public API, but the rpc needs security definer to then get around it 🙄 3. So if you happen to guess the RPC function name and the right paramaters needed, you could in theory spam my table with junk I just wrote a huge post about having a custom secret/hash that the cron, edge and rpc can use to auth themselves. But then I thought, if the rpc is in a private schema it can't be abused, and as long as the service role in the edge function will let it call the rpc in the private schema, this should solve the problem right? And as I said, the edge function is effectively protected by needing an access token for a third-party API called within it anyway, so I just need to lock down the rpc function and I'm good? Can this be done?

I need to call an endpoint when a new user is created a new row is inserted in public.users. Supabase Webhooks are perfect for this. However, I need the send the access token of that new user, is there a built-in function in Postgres (like uid() for id)? EDIT: Such a function might not exist, no function to directly get the access token jwt. Please correct me if I’m wrong, but, when creating Webhooks, devs maybe thought it would be better to just send user’s id — Bearer auth.uid()  — and authenticate the user on the server with getUserById()… which would be very risky.

Hi folks, I can't work out the RLS rule to allow upserts, when insert is working fine, is there a rule I should be adding for upserting? thanks!

Hi there, I stuck with a little problem. I want to upload a file via my REST API. I found in the doc the endpoint to create an object. Now i can create empty file. Anyone know which argument I have to send to Supabase to add a real file ?

Hi, I have a few .rpc functions, and most of them are working fine. I wrote one today to use in a dynamic route and am getting PGRST202 error, although it does sometimes work. I tried scheme cache reloading. The .rpc is quite simple and just takes a uuid from the url and then uses this to fetch data from a few tables to display on the page. Has anyone else has intermittent issues with PGRST202?

I see that there are v2 updates to the sveltekit auth helpers. I was waiting for this for sometime.

Hey 👋 Is there a way to do an actual re-ordering in the columns of a table? I know we can drag the columns but it re-orders only locally (through

localStorage

). I would instead prefer to re-order for everyone at the same time (see screenshot attached) Maybe through some SQL statements? Cheers!

I pushed in one commit my key to github, so to protect my data, i rolled the JTW and since then i cannot access to the db on web view, but all works in table +

Hello. I want to build an app for a closed community. I need to make authentication where the user signs up and waits for admin confirmation. Has anyone solved the same problem or have a tip to get started? Thank you.

When I update Supabase I lose my database, I tried to presist the data by doing this in my yml file. I am doing some thing wrong? Each time I stop and start the container and new container is created and my data is lost. Please advise.

yml
  # Comment out everything below this point if you are using an external Postgres database
  db:
    container_name: supabase-db
    image: supabase/postgres:14.1.0.21
    command: postgres -c config_file=/etc/postgresql/postgresql.conf
    restart: unless-stopped
    ports:
      - ${POSTGRES_PORT}:5432
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    volumes:
      - ./volumes/db/data:/var/lib/docker/volumes/1c348aa63f846262ae48c2137bb77eb031cda8355ac18454f8b9412254d5d2ae/_data
      # - ./volumes/db/init:/docker-entrypoint-initdb.d

I missing something I should change?

Hi, when I try to run "npm run build" in my nextjs (typescript) project I receive the error from

import { SessionContextProvider } from '@supabase/auth-helpers-react';

that Property 'initialSession' does not exist on type '{}'. Can somebody help me with solving this? Thanks

<SessionContextProvider
      supabaseClient={supabaseClient}
      initialSession={pageProps.initialSession}
    >

if im posting to the "posts" table but need the id of the type of post it is in the types table, how while making the insert of this new post would i get the type of post it is from this foreign table based on the ID field?

Since this got merged, I can't figure out how to refresh a session. The new

setSession()

will only refresh your tokens if the

access_token

has expired. Before this merge,

setSession()

would give you new tokens even if the access_token was still valid. Or am I just missing something? (the most likely scenario) https://github.com/supabase/gotrue-js/pull/467

I get this error when I try to start the superbase docker image with

docker compose up

https://pastebin.com/LvP7qyqn

is there a way to find out your supabase db password after its set?

Hi Folks... I have a Settings Table that includes a "maintenance_mode" boolean column. My React Context Provider read this table if (maintenance_mode == false) it renders a { children } but if (maintenance_mode == true) it renders an React Component I'm facing something weird. If I run my Application with (maintenance_mode == false) when I change the "maintenance_mode" column to "true" using the Supabase Table Editor. The realtime changes reflects instantly and my React Context works perfectly and render the component as expected. But If I revert the "maintenance_mode" column to "false" , nothing happens. Only after refresh the page the changes is applied. Does anybody face something in this way before?? Thanks for helping me in advance... Kindly Rubens

Hey! So I tried setting up supertokens with supabase, so since supabase released v2 the docs on it is a bit outdated anyways with some research I almost got it! I only have to get the RLS working and I have a feeling the function is not working anymore; Whenever I signup I get this error

bash
error - Error: {"code":"42501","details":null,"hint":null,"message":"new row violates row-level security policy for table \"users\""}
    at Object.getProperError (D:\development\coding\typescript\blog\node_modules\next\dist\lib\is-error.js:25:12)
    at DevServer.run (D:\development\coding\typescript\blog\node_modules\next\dist\server\dev\next-dev-server.js:712:39)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async DevServer.handleRequest (D:\development\coding\typescript\blog\node_modules\next\dist\server\base-server.js:285:20)

The RLS expression on the

user

table is

(user_id() = (user_id)::text)

which before was

auth.user_id()=user_id

but the dashboard seems to automatically change it. The problem I think is, on the docs it says:

The payload in the JWT will have the following structure

{
    userId,
    exp
}

When in reality when I decode the JWT token myself I get

{"alg":"HS256","typ":"JWT"}{"userId":"f2a17d0b-a783-46ca-bb5c-cef944a9d4c7","exp":1665597882,"iat":1665594282}

the thing is I had to create a SQL function for

auth.user_id()

postgres
create or replace function auth.user_id() returns text as $$
select nullif(current_setting('request.jwt.claims', true)::json->>'userId', '')::text;
$$ language sql stable;

I think this function does not work because the structure of the JWT token doesn`t work with the one I am having... and I am not that expirienced with postgres to fix it myself, is anyone here able to help me out here? Thanks!

If I let my users login with Google/Github/Facebook etc... if I were to normally improvise my own auth system and get a response from the provider with the users data object, does Supabase give us access to the __full__ response as if we were normally doing so?

> Uncaught TypeError: supabase.auth.user is not a function This is from App.vue and the code line is ... > store.user = supabase.auth.user() In the debuger in the browser the watch shows supabase and supabase.auth exist. There is no user anything after that. Guide Ref: https://supabase.com/docs/guides/with-vue-3

Hi, How can I get the authenticated user in a Supabase function? I'm trying to access the user's oauth'd github user id, but I can't even figure out how to authenticate the user at all. Thanks.

Hi guys, I wanted to know, if I modify the auth.users table for a particular user & change their role to 'supabase_admin' will that user be able to bypass all RLS rules?

Not sure how to phrase this, but I want to use prisma with supabase, but I'm not sure how to go about creating a user table when there's already a whole auth section, I want to use supabase for authentication but I also want a user table in my prisma scheme to connect to other tables

I would like to subscribe to all notifications that are received by a user and are not 'read'.

const notificationSubscribe = supabase  .channel(public:notifications:receiverId=eq.${currentUser?.id}AND????)

Can I chain an AND filter here?

Hello, So I have virtual coins on my site which I need to be loaded when user log ins into the site. How frequent should I read those coins from a table? What is the best practice for it? I'm not sure if its okay to read it every time a page loads? Thanks,

I don't know how do it

Attaching payload and here is the response:{"message":"duplicate key value violates unique constraint \"Worklog_pkey\"","code":"23505","details":null,"hint":null} Table PK - is

id

Is there anything wrong using something like this: https://www.postgresql.org/docs/current/ecpg-dynamic.html in a RPC function? I would like to use it to build dynamic queries depending on the filters the user wants to apply to the query. With PostgREST, it seems that it's not possible to filter selected data on properties that you don't have selected in the query. Which annoys me a bit, since I don't need these properties, and this consumes unnecessary bandwidth etc. Also there are currently some limitations with PostgREST and the Supabase API integration which makes it harder to use the two together for my use case. Using this, I could build queries with table unions, filtering selected data without having to add extra properties, and do other things more easily.

How do I write a policy to make a table availabe to everyone who is loggedIn with Email and password (or logged in differently)? Is loggedIn and authenticated the same?

-- how can I access if a user is loggedIn?
CREATE POLICY "LoggedIn users can view posts."
    ON posts 
    FOR SELECT
    USING (if(userLoggedInWithPasswordAndEmail));

-- is true correct here?
CREATE POLICY "Everyone can view profiles - even if not logged in"
    ON profiles 
    FOR SELECT
    USING (true);