When I try to use the Google OAuth Provider I keep getting this error.

I have this:

import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';

const corsHeaders = {
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Headers':
        'authorization, x-client-info, apikey, content-type',
};

serve(async (req) => {
    // It doesnt work... WHY?
    // const data = await req.json().body; 

    // It works... WHY?
    const data = { message: `Hello world!` };

    return new Response(JSON.stringify(data), {
        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
    });
});

For some reason, if I try to use

await req.json()

as the data, I get a CORS error, whereas if I send an static object it works... Why could this be?

Hello everyone, hope someone can help my little pickle here. I have this code tied to some basic form html code in Ionic React:

const [email, setEmail] = useState('');
const [password, setpassword] = useState('');
const [password2, setPassword2] = useState('');
const [fullname, setFullname] = useState('');
const [phonenumber, setPhonenumber] = useState(0);
const [birthday, setBirthday] = useState('');
const [Rmsg, setRmsg] = useState('');
const [user, setUser] = useState('');

const Register = async () => {
  const {data} = await supabase.auth.signUp({
    email,
    password,
  },
  { 
    data:
      fullname,
      phonenumber,
      birthday
  })
  if (password != password2){
    setRmsg('Passwords do not match')
  } else {
    setRmsg('User Created Successfully')
    console.log(data.user)
    setUser(user)
  }
}

The basic idea is that I want to be able to register a user, and push their email, password, full name, phone number and birthday into my database, so I can display specific wanted details on a profile page later on. However, when trying to do this, it asks for just 1 argument, and not 2, but when doing so, it seemingly does not allow anything but email and password? A little disclaimer: I've only started programming in React, Ionic and Supabase a week ago, so everything is still new to me (Especially Supabase), so sorry in advance if my explanation is not that good.

When I use

supabase.functions.invoke(...)

, a request is made, with the header

authorisation: Bearer xxxxxx

. Is it possible to get that token manually, thought the supabase client? Something like

supabase.auth.access_token()

, or something similar?

I've built a web app which has an admin section using supabase.auth.admin. In the docs it says 'Never expose your service_role key in the browser.' Where do I store the service role key for it to be used for admin? I'm planning to deploy my app on Vercel so I'm wondering if I need to put it in the environment variables - would that be the correct thing to do or would that expose it to the client?

So I want to save a script for creating a table for 2 schemas.

sql
DO $$
DECLARE 
  s TEXT;
  schemata TEXT[] := ARRAY['test', 'public'];
BEGIN
  FOREACH s IN ARRAY schemata LOOP
    CREATE TABLE IF NOT EXISTS s.members ( 
      id UUID DEFAULT uuid_generate_v4(),
      PRIMARY KEY ( id )
    );
    ALTER TABLE s.members
      ENABLE ROW LEVEL SECURITY,
      ADD COLUMN IF NOT EXISTS supporter_id UUID REFERENCES s.members ( id ),
      ADD COLUMN IF NOT EXISTS email VARCHAR NOT NULL,
      ADD COLUMN IF NOT EXISTS name TEXT NOT NULL, 
      ADD COLUMN IF NOT EXISTS role VARCHAR NOT NULL,
      ADD COLUMN IF NOT EXISTS super_admin BOOLEAN NOT NULL DEFAULT false;
    DROP POLICY IF EXISTS "Enable READ for authenticated users." ON s.members;
    CREATE POLICY "Enable READ for authenticated users." ON s.members
      AS PERMISSIVE FOR SELECT
      TO authenticated
      USING ( true );
    DROP POLICY IF EXISTS "Enable UPDATE for super admins." ON s.members;
    CREATE POLICY "Enable UPDATE for super admins in" ON s.members
      AS PERMISSIVE FOR UPDATE
      TO authenticated
      USING ( is_admin() = true )
      WITH CHECK ( is_admin() = true );  
  END LOOP;
END;
$$;

But it returns

Failed to run sql query: schema "s" does not exist

So, we have a somewhat odd setup -- the client has demanded (despite my repeated insistence that Phone Auth is not 2fa) to set up SMS 2FA because of the nature of data the end-users will be using the service for, and since Supabase does not yet support SMS for MFA, I was trying to sort of roll my own with the Phone auth. Unfortunately, nothing I try here seems to be able to properly verify a phone number after registering with email. Has anyone set up an SMS 2FA with Supabase, or have any alternative workarounds here? We are using Supabase MFA as a secondary option alongside this, but the client thinks Authenticator MFA is "too confusing" for users.

As far as I understand, using the service key will allow me to bypass all RLS policies, so I created a serverless endpoint with NextJS, using it:

js
const handler = (req, res) => {
    const { authorization } = req.headers;
    const supabaseUrl = 'https://xxxxxxxx.supabase.co';
    // const anonKey = 'yyyyyyyyyy';
    const serviceKey = 'zzzzzzzzzzz';
    const options = { global: { headers: { Authorization: authorization } } };
    const supabase = createClient(supabaseUrl, serviceKey, options);

    supabase
        .from('prompts')
        .insert([{ title: 'test', body: 'test' }])
        .then((data) => {
            console.log(data);
            res.status(200).json({ name: data });
        });
};

But this way, the RLS Policies are still being applied. Could it be because I am using the bearer token that was given to me by the client, while using the anon key? If so, how should I do it then?

If I use the Pro plan, can I change the sender email address or do I still need to use a custom SMTP?

Hi, I'm attempting to do a very basic hello edge function. I've looked at the CI/CD integration yaml:

name: Deploy Function

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest

    env:
      SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
      PROJECT_ID: zdtdtxajzydjqzuktnqx

    steps:
      - uses: actions/checkout@v3

      - uses: supabase/setup-cli@v1
        with:
          version: 1.0.0

      - run: supabase functions deploy github-action-deploy --project-ref $PROJECT_ID

When it attempts to deploy I see the following:

Run supabase functions deploy hello --project-ref $PROJECT_ID
You can generate an access token from https://app.supabase.com/account/tokens.
Enter your access token: Cancelled supabase login.
Bundling hello
Error: Access token not provided. Supply an access token by running supabase login or setting the SUPABASE_ACCESS_TOKEN environment variable.
Error: Process completed with exit code 1.

Any advice on how I should supply the SUPABASE_ACCESS_TOKEN and keep it out of the github repo? Thanks

Does this require postgre functions or what, if yes how and what to add, i don't know postgre

I'm using SvelteKit with the auth helpers, after logging in (either with a password or via a magic link) everything seems to be working correctly, with

$page.data.session

populating properly. However I get the

AuthSessionMissingError

error when trying to reset a password using the code here:

js
    const { data, error } = await supabaseClient.auth.updateUser({
      password: password,
    });

and it also seems that the user is returning null from this code:

js
    const { data: user } = await supabaseClient.auth.getUser();

I am trying to create a query that is complicated for me as I am just learning. I have a collection of songs and I want to query and show all of them when the page is loaded. The only thing by default is the limit that is in the parameters. The rest of the filters that I am passing (level and musicStyle) are an empty string in the beginning. I would like not to apply any filter until those parameters have some value and the query that I have right now is:

queryFn: async (args) => {
                const { limit, level, musicStyle } = args;

                const {data, count, error} = await supabase
                .from('all_preloads')
                .select('*', {count: "exact", head: true})
                .eq('level', level)
                .contains('musicStyle', musicStyle)
                .order('created_at', { ascending: false })
                .limit(limit)

                console.log(count)
                return { data, error }
            },

The parameter "level" has to match exactly with the column level, however a song can have several musicStyles, so I have done that field an array, and I would like to be filtered once the parameter !== "" and the value is included in the array. I hope I have explained it properly. Thanks!

If a user signed up with email, but adds a phone to their account, you can send an OTP to their phone, but trying to log in with that OTP with the phone number results in "user not found" and trying to verifyOtp with email address and the token sent by SMS, says that the token is expired or invalid. How can we mix email accounts and SMS OTP?

AGE is an extension that provides graph data processing and analytics capabilities to Postgres. https://age.apache.org

We're having a lot of trouble with magic link auth, due to many users having security systems that scan the links thus invalidating them. We're trying to fix this issue, and I see you can send

{{ .Token }}

in the email template – is there a method in the JS SDK that allows the user to submit this?

table events id PK FK to event_entries td_id table event entries id PK event_id FK to events score I am trying to allow a user who has a user_id matching td_id (in events) to update the score for an individual in the event_entries table. however i believe i have a relation wrong and I dont quite understand how to join these tables Does anyone know how to get the supabase set up to allow this?

Background on the App I am Building... - Internal CRUD application used by our Company's

Agents

to manage their

Clients

data - The App will be marketed as a FREE to use application ( no mostly cost like a traditional SaaS ), but would require you to work for our company

@ExampleCompany.com

. - Thus, the app should require a

@ExampleCompany.com

( Our Company ) email to login / sign up as an

Agent

Whitelisted Login Options I have looked into... 1. Anyone can sign up, manual RLS updates - Allow anyone to sign up, but prevent all read/writes with RLS by default, displaying a

waiting for verification

page in the App, and having a System Admin manually verify users as

Agents

. 2. Disable signup by default, System Admin sends signup links to clients directly - Seems like there could be issues / bugs with this ( e.g. https://github.com/supabase/supabase/discussions/4296 ) but could be an option. 3. Function + Trigger - Here is a good example, https://github.com/supabase/supabase/issues/6228#issuecomment-1095235706, but I am not sure if this is good practice. This does seem like the best option for automation however ; and might be able to be expanded to offer

@SomePartnerCompany.com

emails. Does anyone have any tips for how I should go about this given my App Background ?

Hello team, I'm trying to fetch columns dynamically like this:

const { data: publicData, error: publicError } = await supabase.from('customer').select(columns).eq('id', viewableObjectId).single();

When I hover over the type for publicData, I see the types:

const publicData: GenericStringError | null

I found this thread which mentions simply adding as any to the variable inside .select() however, I'm still receiving the same GenericStringError.

const { data: publicData, error: publicError } = await supabase.from(tableName).select(columns as any).eq('id', viewableObjectId).single();

This still returns the same Error type. Is this a known bug? I see the ticket was closed but the proposed workaround isn't working sadly. I am getting the correct data back, it's just the types being returned that are wrong. Thanks in advance!

I've generated my schema types. When generating an array to hold results, I'm doing:

let results:Database['public']['Tables']['results']['Row'][] = [];

This seems awfully wordy. Is this the "right way" to properly define my results object?

[Using SvelteKit] I'm follow these instructions as a way to verify the session still exists on the database https://github.com/supabase/supabase/issues/491#issuecomment-871863896 I logged in with a test user, then manually deleted their session in the db, then tested it like this

js
// handle is a hook that runs every time the server receives a request.
export const handle = async ({ event, resolve }) => {
    const { session, supabaseClient } = await getSupabase(event);

    event.locals.sb = supabaseClient;
    event.locals.session = session;

    const user = await supabaseClient.auth.getUser(session?.access_token);
    console.log(user)
    return resolve(event);
};

It still logs all the user details even though it's not in the database anymore.. am I wrong to assume that's what it's for or am I suppose to query the auth table myself to check if the user exists still (if that's possible)? 🤔

Hi! I'm testing my Edge Functions locally, to review my updates before pushing to production. However, when I run the cURL command, it returns "Invalid JWT". The cURL is like this: >curl -i --location --request POST "http://localhost:54321/functions/v1/" --header "Authorization: Bearer xxxxxx" --header "Content-Type: application/json" --data "{"name":"Functions"}" Anyone know why? If it helps, in the function I use stripe and I use env variables. I also check for headers in the request with this code: if (req.method === "OPTIONS") { return new Response("ok", { headers: corsHeaders }); } Thanks !

Is there any way to implement this one on supabase? The context is that I want to add a product to the table but if it already exists then just update the row's quantity (increment by 1). The only way I could think of so far is to make a database function

I have a post and i want the post to contain 2 collectinos Upvotes and Downvotes an upvote and downvote are both tables in my database

Hello everyone, Enjoying Supabase with Next.js 13. I was wondering if anyone had any insight on where they prefer to host their serverless functions... Seems like it would be better to use Supabase as it's easier to integrate into the DB queries and you avoid waterfall requests. Wondering if anyone has any experience or thoughts. Thanks in advance. 🙏

How do you actually "host" this so it isn't on your local IP port but on a website domain? https://github.com/shwosner/realtime-chat-supabase-react ChatGPT gave these examples: **Static hosting**: You can use a service like Amazon S3 or GitHub Pages to host your application. Simply upload the contents of the dist folder to the hosting service and configure it to serve the files as a static website. **Server-side hosting**: You can use a service like Heroku or AWS Elastic Beanstalk to deploy your application. These services allow you to deploy your code and run it on a web server. You will need to configure your server to serve the files from the dist folder. **Virtual Private Server (VPS)**: You can also deploy your application on your own VPS. Most VPS providers like DigitalOcean, AWS EC2, Azure, etc. provide a way to upload your code and run it on a web server. You will need to configure your server to serve the files from the dist folder. **Docker**: You can use Docker to deploy your application. By creating a Docker image of your application and running it in a container, you can easily deploy your application to any environment that supports Docker. I'm kind of new to all this so this is fascinating to me that you can change back-end stuff to show on the front-end. I have Wordpress and Mastodon droplet experience with DigitalOcean use. I also code a bunch with Android Studio Kotlin.. I know you can use Wordpress plug-ins to have easy chat widgets but I want to see how to get this reactor supbase code to work.

I was going the docs for Supabase GraphQL setup at https://supabase.github.io/pg_graphql/api/#insert Specifically the insert part as I am trying to create a mutation with multiple inserts. The part I have not figured out yet is how to use the id of the first insert operation to set the foreign key on the second insert operation and if that is even possible. Any ideas?

@Zerkia which frontend/framework do you use? its often better to follow a specific guide for your client.

I want to create an edge function that verifies if a username exist in my db. I have set RLS to my table that limits the access to only the user that is authenticated can access his own profile and his say friends to be able to access his profile. Do these rule apply to a request made from an edge function, so that I can verify the uniqueness of the username before the user have signed up, thus is not yet authenticated?

Hi there! We have a micro service architecture protected by Keycloak which is more pain than it should be for several reasons: - The persons who set it up are no longer in the project and for the remaining ones it's hard to dive into Keycloak, because it's such a big topic - Theming in Keycloak is quite painful with all the templating stuff. We just want have more flexibility - Self hosted is annoying 🙂 , as we need to manage it within Kubernetes, it feels like more effort to scale as it should be - Keycloak feels like over the top for our small application(s) How we Keycloak use: We have enabled Authorization and included a couple of Resources/Policies/Permissions. So whenever we hit a resource like /users/{id}/foods, we know if the user is allowed or not as the backend double checks with Keycloak by using the assigned roles. How I think Supabase should work with our backend: We provide the JWT to the backend and the backend checks the roles and user id inside it and then allows or forbid it. The backends are implemented with Quarkus so an endpoint could look like

@GET 
@Path("users/{id}/foods") 
@RolesAllowed({ "User", "Admin" }) 
List<Food> getFoods(){
...
}