Support set_auth(token) and/or customisation of headers for storage
fquellec opened this issue · 2 comments
Is your feature request related to a problem? Please describe.
I'm currently using Supabase in a FastAPI middleware, and I want to use RLS for permissions management.
When the user logs in via my `/login` endpoint, I authenticate them with Supabase and return the access token provided by Supabase.
In subsequent calls, I want to retrieve the Supabase session of the user with the previous access token in order to make RLS-protected calls.
Describe the solution you'd like
It would be nice to have a function `set_auth(access_token)` on the client in order to change the permissions of the client according to the user making the request.
Describe alternatives you've considered
There is a workaround when uploading files; we can set the bearer token manually:

```python
response = supabase.storage.from_("files").upload(
    f"{str(user_id)}/{str(file_id)}",
    file_content,
    file_options={"authorization": f"Bearer {token}"},
)
```

But this is not possible when downloading or listing files.
Additional context
I think this is related to: supabase/auth-py#221
I understand now that we can use:
```python
supabase.auth.set_session(token, refresh_token)
supabase.auth._remove_session()
```
It's confusing to be forced to use the refresh_token, even if we don't want to refresh the access_token.
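Added example, not part of the thread or of supabase-py: if one client object is shared by every request in the FastAPI app, setting the user's token on it (`set_session` or the proposed `set_auth`) mutates process-wide state, so a concurrent request can be sent with another user's JWT and RLS is evaluated for the wrong user. `FakeClient`, its methods and the `jwt-alice`/`jwt-bob` tokens are constructed stand-ins; no Supabase API is called.

```python
import asyncio


class FakeClient:
    """Stand-in for a process-wide API client (hypothetical, not supabase-py)."""

    def __init__(self):
        self.token = None

    def set_auth(self, access_token):
        # Mutates state that every in-flight request shares.
        self.token = access_token

    async def list_files(self, token=None):
        await asyncio.sleep(0)  # simulated network I/O; other requests run here
        # Returns the bearer token this request would actually be sent with.
        return token or self.token


shared = FakeClient()  # one instance for the whole app, as in a module-level client


async def handle_shared(user_token, delay):
    # Pattern at risk: set the token on the shared client, await, then call.
    shared.set_auth(user_token)
    await asyncio.sleep(delay)  # any await between set_auth and the call
    return await shared.list_files()


async def handle_scoped(user_token, delay):
    # Safer pattern: the token travels with the call and is never stored.
    await asyncio.sleep(delay)
    return await shared.list_files(token=user_token)


async def run(handler):
    # Alice's request starts first but awaits longer, so Bob's interleaves.
    sent = await asyncio.gather(handler("jwt-alice", 0.02), handler("jwt-bob", 0.0))
    return dict(zip(("alice", "bob"), sent))


def demo():
    """Return (tokens sent with shared state, tokens sent with per-call scope)."""
    return asyncio.run(run(handle_shared)), asyncio.run(run(handle_scoped))


if __name__ == "__main__":
    print(demo())
```

In a real service the same isolation comes from creating the client, or at least its auth headers, per request instead of mutating a shared instance.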
In the client, this seems to fix things:
def set_auth(self, *, access_token: str) -> Session:
"""Overrides the JWT on the current client. The JWT will then be sent in
all subsequent network requests.