const { data: courses, error } = await supabase
        .from('courses')
        .select(
          `*, 
        lessons (
          lesson_id, lesson_order)`
        )
        .eq('user_id', user.user_id)

But then I want to also filter on the lessons column where the lesson_order = 0

Hei @User . Big fan from twitter. You made me check fast api Could you try doing it like this? I think it should work:

js
const { data: courses, error } = await supabase
        .from('courses')
        .select(
          `*, 
        lessons (
          lesson_id, lesson_order)`
        )
        .eq('user_id', user.user_id)
        .filter('lessons.lesson_order', 'eq', '0') 
  // or 0 if it is not a string

I've been hitting a lot of

ETIMEDOUT

errors with the Supabase JS client recently - does anyone know why?

right on, thanks Mihai!

and I'm flattered! FastAPI is cool 🙂

Glad it worked. Are you using it in nextjs? Or somewhere on the server? 😬

nextjs!

Anyone knows what lifetime has the refresh token? And you can configure that?

When will suobase have official support for the pYthon Client

Does anyone know if there's a way to check auth via an existing auth token? Example: -I open a URL on a different website with a param of ?authToken={authtokenhere} in the URL -On that page, with JS I grab the auth token from the URL, and I do a call to my API that checks if the auth token is valid

How can I store IP address when an user logged in? It seems that supabase doesn't support to tracking user session. For example getting ip address from user, verify captcha. It will be a problem if an attacker using signUp endpoint and send many requests for creating new users

Is there some way to specify in a request to ignore the max amount of rows to return? Or set a max amount to return that's higher than what's set in the project.

You'd have to take care of this separately. There are plenty of ways to capture client IP on both frontend and backend.

Yes you can. Thats what i do. On supabase settings, you have the jwt secret. Use that on your server to decode the auth token and see if it is valid

when will supabase accept custom urls for storage buckets, i urgently need this

hi guys, is there a now() function in supabase as well? for inserting on to a timestamp data type

if you create a column of timestamp with value timestampz it will automatically save the data with timestamp

Do refresh tokens expire?

I am trying to fix an issue in Supabase. For that, I need to run supabase locally. I am stuck here. Help from anyone would be welcomed. https://github.com/supabase/supabase/issues/2641#issuecomment-892408863

i have a rails api/app with JWT auth support and i'm building an app with supabase that will live along with the the rails app. is it possible to share the auth so i can use rls to secure the requests?

I have the default auth.users table, where users have ids and emails. I'd like, as an admin - not as a logged in user - to get a user's id using their email. But I believe I can't do this because auth.users is not exposed in the API. Any smart ideas for how I can do this? I also have a public.users table but I didn't store users' emails there because I figured they already exist in auth.users

Store user's email inside the

public.users

table too, this is the easiest way to be able to query it, otherwise create a Postgres View based on the

auth.users

table.

Yup, so unfortunately I've already messed up because I did not store emails in the

public.users

table from the outset. Is there any API I can use to grab emails from

auth.users

and fill

public.users

?

Use a Postgres View, this will just be a read only version of

auth.users

, just make sure you don't expose every column in the view

Aha OK. Do you happen to know any resources about how to create a Postgres View? Just had a look in Supabase docs but didn't find anything - I will look in Postgres docs now

For Auth, it it possible to add regex patterns for the list of urls that auth providers are permitted to redirect to?

so our users can make courses at a subdomain like

learn-supabase.slip.so

or

git-mastery.slip.so

. I want a user to be able to register or login and get redirected back to the specific subdomain for a particular course. So I'd want to setup a pattern in auth for allowed redirects like

.slip.so/login

instead of having to manually set a new allowed redirect for every course published

i've tried it, seems like it's just plain ol' strings because this is what the tip says -> "A comma separated list of exact URLs that auth providers are permitted to redirect to post authentication."

why does onAuthStateChanged not fire when you signup via email/password? is this because the session is null until the email is verified? But isn't the whole point of an observer like this to observe and alert listeners about every auth state change? is signing up not considered a change in the state of the auth? this behavior is quite different from firebase auth's onAuthStateChanged observer, idk if it's a bug or some explicit design decision but it's counter-intuitive. This could very well be considered a side effect of this issue: https://github.com/supabase/supabase/issues/2715