Integrating With Supabase Auth
Supabase Edge Functions and Auth.
Edge Functions work seamlessly with Supabase Auth.
Auth context
When a user makes a request to an Edge Function, you can use the Authorization header to set the Auth context in the Supabase client:
```typescript
import { createClient } from 'npm:@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {
  // Reject requests that carry no Authorization header up front, instead of
  // letting a non-null assertion throw later (which would surface as a 500).
  const authHeader = req.headers.get('Authorization');
  if (!authHeader) {
    return new Response('Missing Authorization header', { status: 401 });
  }

  const supabaseClient = createClient(
    Deno.env.get('SUPABASE_URL') ?? '',
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
    // Create client with Auth context of the user that called the function.
    // This way your row-level-security (RLS) policies are applied.
    {
      global: {
        headers: { Authorization: authHeader },
      },
    }
  );

  // Get the session or user object
  const token = authHeader.replace('Bearer ', '');
  const { data, error } = await supabaseClient.auth.getUser(token);
  if (error || !data.user) {
    return new Response('Unauthorized', { status: 401 });
  }

  return new Response(JSON.stringify({ user: data.user }), {
    headers: { 'Content-Type': 'application/json' },
    status: 200,
  });
})
```
Importantly, this is done inside the Deno.serve() callback, so that the Authorization header of each individual request is used; a client created outside the callback would carry one header for every request it serves.
Fetching the user
By taking the JWT from the Authorization header, you can pass the token to getUser() to fetch the user object and read the logged-in user's metadata.
```typescript
import { createClient } from 'npm:@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {
  // Without a header there is no token to verify; answer 401 rather than
  // forwarding a null header to the client.
  const authHeader = req.headers.get('Authorization')
  if (!authHeader) {
    return new Response('Missing Authorization header', { status: 401 })
  }

  const supabaseClient = createClient(
    Deno.env.get('SUPABASE_URL') ?? '',
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
    {
      global: {
        headers: { Authorization: authHeader },
      },
    }
  )

  // Get the session or user object
  const token = authHeader.replace('Bearer ', '')
  const { data, error } = await supabaseClient.auth.getUser(token)
  if (error || !data.user) {
    // Expired, revoked or forged tokens land here
    return new Response('Unauthorized', { status: 401 })
  }
  const user = data.user

  return new Response(JSON.stringify({ user }), {
    headers: { 'Content-Type': 'application/json' },
    status: 200,
  })
})
```
Row Level Security
After initializing a Supabase client with the Auth context, every query it makes is executed as the user whose JWT is in the Authorization header. For database queries, this means Row Level Security policies are enforced for that user. Note that this holds when the client is created with the anon key, as above; the service role key bypasses RLS and should not be combined with a caller's token in this way.
```typescript
import { createClient } from 'npm:@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {
  const authHeader = req.headers.get('Authorization');
  if (!authHeader) {
    return new Response('Missing Authorization header', { status: 401 });
  }

  const supabaseClient = createClient(
    Deno.env.get('SUPABASE_URL') ?? '',
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
    // Create client with Auth context of the user that called the function.
    // This way your row-level-security (RLS) policies are applied.
    {
      global: {
        headers: { Authorization: authHeader },
      },
    }
  );

  // Verify the token and get the user object
  const token = authHeader.replace('Bearer ', '');
  const { data: userData, error: userError } = await supabaseClient.auth.getUser(token);
  if (userError || !userData.user) {
    return new Response('Unauthorized', { status: 401 });
  }

  // The query runs as the calling user, so RLS decides which rows come back
  const { data, error } = await supabaseClient.from('profiles').select('*');
  if (error) {
    return new Response(JSON.stringify({ error: error.message }), {
      headers: { 'Content-Type': 'application/json' },
      status: 500,
    });
  }

  return new Response(JSON.stringify({ data }), {
    headers: { 'Content-Type': 'application/json' },
    status: 200,
  });
})
```
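The three snippets above share one pattern: read the Authorization header, hand the JWT to getUser(), then query through a client that carries the same header so RLS applies. The following is an added example (not Supabase's own code) of that pattern with the error handling a production function needs: it rejects missing or malformed headers with 401 instead of throwing, treats any getUser() failure as 401, and separates query failures (500) from authorization failures. The Supabase calls are injected through an assumed `AuthDeps` shape so the handler can run without Deno or a live project; `parseBearerToken`, `makeHandler`, `json` and the constructed `fakeDeps` are names of this example, not of supabase-js.

```typescript
// Added example, not Supabase's own code. In a real Edge Function you would
// wire the real supabase-js client into `deps` and pass the handler to
// Deno.serve(); see the comment at the bottom.

type SupabaseUser = { id: string; email?: string };

// The subset of the supabase-js surface this handler needs (assumed shape).
interface AuthDeps {
  // Validate the JWT with the Auth server and return the user it belongs to.
  getUser: (token: string) => Promise<{ user: SupabaseUser | null; error: string | null }>;
  // Run the RLS-scoped query. The underlying client already carries the
  // caller's Authorization header, so Postgres evaluates RLS as that user.
  listProfiles: () => Promise<{ data: unknown[] | null; error: string | null }>;
}

// Extract the bearer token from an Authorization header value.
// Returns null for a missing header, a non-Bearer scheme, or an empty token,
// so the handler can answer 401 instead of forwarding garbage. The `!`
// non-null assertions in the snippets above would instead throw a TypeError
// on a missing header, which surfaces to the caller as a 500.
function parseBearerToken(header: string | null): string | null {
  if (!header) return null;
  const match = /^Bearer\s+(\S+)$/i.exec(header.trim());
  return match ? match[1] : null;
}

function json(body: unknown, status: number): Response {
  return new Response(JSON.stringify(body), {
    status,
    headers: { 'Content-Type': 'application/json' },
  });
}

function makeHandler(deps: AuthDeps) {
  return async (req: Request): Promise<Response> => {
    const token = parseBearerToken(req.headers.get('Authorization'));
    if (!token) {
      return json({ error: 'missing or malformed Authorization header' }, 401);
    }

    const { user, error: authError } = await deps.getUser(token);
    if (authError || !user) {
      // Expired, revoked or forged tokens land here; do not echo the reason.
      return json({ error: 'unauthorized' }, 401);
    }

    const { data, error } = await deps.listProfiles();
    if (error) {
      // A failed query is a server-side problem, not an authorization one.
      return json({ error: 'query failed' }, 500);
    }
    return json({ user: { id: user.id }, data: data ?? [] }, 200);
  };
}

// Constructed fake dependencies so the handler can be exercised offline.
// Only one constructed token is accepted; everything else is rejected.
const fakeDeps: AuthDeps = {
  getUser: async (token) =>
    token === 'valid-token-for-alice'
      ? { user: { id: 'user-alice', email: 'alice@example.com' }, error: null }
      : { user: null, error: 'invalid JWT' },
  listProfiles: async () => ({
    data: [{ id: 'user-alice', display_name: 'Alice' }],
    error: null,
  }),
};

// Inside the Edge Function (Deno), the wiring would be along these lines,
// with `supabaseClient` created per request as in the snippets above:
//   Deno.serve(makeHandler({
//     getUser: async (t) => { const { data, error } = await supabaseClient.auth.getUser(t);
//                             return { user: data.user, error: error?.message ?? null }; },
//     listProfiles: async () => { const { data, error } = await supabaseClient.from('profiles').select('*');
//                                 return { data, error: error?.message ?? null }; },
//   }));
```

Keeping the header parsing in its own function makes the failure modes easy to unit test without a Supabase project, and injecting the client calls means the 401/500 branches can be exercised with fakes before the function is deployed.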
Example code
See a full example on GitHub.