pocin
03/01/2022, 10:02 AM/update task id1234 text:learn foo
, I receive this data with their discord_id so i know on behalf of what user to create the task.
If i use master key i have to re implement the logic that user can update only their task
If i use anon key i would have to authenticate the users via discord interaction and store their access token server side?
Or is there a way to impersonate the user from the backend?Yonben
03/01/2022, 10:05 AMYonben
03/01/2022, 10:06 AMusers
work in Supabase since I never used that feature (yet). But conceptually what I mentioned feels enoughpocin
03/01/2022, 10:06 AMauth.my_uid()
which defaults to auth.uid()
but if there is a session variable INJECTED_UID
it takes that?
server side before each query i would inject the uidpocin
03/01/2022, 10:13 AMauth.uid()=something
Yonben
03/01/2022, 10:33 AMgaryaustin
03/01/2022, 10:50 PMpocin
03/02/2022, 6:34 AMpocin
03/02/2022, 6:35 AMgaryaustin
03/02/2022, 2:57 PM