apps/docs/content/guides/functions/auth-legacy-jwt.mdx
Edge Functions work with Supabase Auth.
This allows you to:
When a user makes a request to an Edge Function, you can use the Authorization header to set the Auth context in the Supabase client and enforce Row Level Security policies.
```typescript
import { createClient } from 'npm:@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {
  const supabaseClient = createClient(
    Deno.env.get('SUPABASE_URL') ?? '',
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
    // Create client with Auth context of the user that called the function.
    // This way your row-level-security (RLS) policies are applied.
    {
      global: {
        headers: { Authorization: req.headers.get('Authorization')! },
      },
    }
  )
  // ...
})
```
The client is created inside the `Deno.serve()` callback so that the Authorization header is scoped to each individual request; a client created once at module scope would carry the first caller's Auth context into every later request.
By taking the JWT from the Authorization header, you can pass the token to `getUser()` to fetch the user object and obtain metadata for the logged-in user.
```typescript
import { createClient } from 'npm:@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {
  const authHeader = req.headers.get('Authorization')!
  // Client scoped to this request's Auth context, as in the previous snippet.
  const supabaseClient = createClient(
    Deno.env.get('SUPABASE_URL') ?? '',
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
    { global: { headers: { Authorization: authHeader } } }
  )
  // Strip the "Bearer " prefix and hand the raw JWT to getUser().
  const token = authHeader.replace('Bearer ', '')
  const { data, error } = await supabaseClient.auth.getUser(token)
  // ...
})
```
After initializing a Supabase client with the Auth context, all queries will be executed with the context of the user. For database queries, this means Row Level Security will be enforced.
```typescript
import { createClient } from 'npm:@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {
  const supabaseClient = createClient(
    Deno.env.get('SUPABASE_URL') ?? '',
    Deno.env.get('SUPABASE_ANON_KEY') ?? '',
    { global: { headers: { Authorization: req.headers.get('Authorization')! } } }
  )

  // This query respects RLS - users only see rows they have access to
  const { data, error } = await supabaseClient.from('profiles').select('*')
  if (error) {
    return new Response('Database error', { status: 500 })
  }
  return new Response(JSON.stringify(data), {
    headers: { 'Content-Type': 'application/json' },
  })
})
```
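The three steps above (per-request client, `getUser()`, RLS-scoped query) combined into one handler, as an added example that is not part of the Supabase docs or the supabase-js library. The handler logic is separated from `Deno.serve()` and takes the client factory as a parameter, so it can be exercised without Deno or a live project; `AuthClient`, `ClientFactory`, `Env` and `handleRequest` are names assumed here, and the interfaces cover only the calls this handler makes. Unlike the snippets above, a missing or malformed Authorization header is rejected with a 401 before any client is built, instead of letting the `!` assertion and `.replace()` throw and surface as a 500.

```typescript
// Added example, not Supabase's own code. The interfaces below are minimal
// hypothetical shapes that the real supabase-js client satisfies.
interface AuthClient {
  auth: {
    getUser(token: string): Promise<{ data: { user: { id: string } | null }; error: unknown }>
  }
  from(table: string): {
    select(columns: string): Promise<{ data: unknown[] | null; error: unknown }>
  }
}

type ClientFactory = (
  url: string,
  anonKey: string,
  options: { global: { headers: Record<string, string> } }
) => AuthClient

interface Env {
  SUPABASE_URL: string
  SUPABASE_ANON_KEY: string
}

// Pull the raw JWT out of "Authorization: Bearer <jwt>"; null if absent or malformed.
function extractBearerToken(header: string | null): string | null {
  if (!header) return null
  const match = /^Bearer\s+(\S+)$/i.exec(header.trim())
  return match ? match[1] : null
}

function json(body: unknown, status: number): Response {
  return new Response(JSON.stringify(body), {
    status,
    headers: { 'Content-Type': 'application/json' },
  })
}

async function handleRequest(req: Request, env: Env, createClient: ClientFactory): Promise<Response> {
  const authHeader = req.headers.get('Authorization') ?? ''
  const token = extractBearerToken(authHeader)
  if (!token) {
    // Reject up front: no client, no database round trip, and a 401 rather than a crash.
    return json({ error: 'Missing or malformed Authorization header' }, 401)
  }

  // The client is built inside the handler so the Auth context belongs to this request only.
  const supabase = createClient(env.SUPABASE_URL, env.SUPABASE_ANON_KEY, {
    global: { headers: { Authorization: authHeader } },
  })

  // getUser() validates the JWT server-side and returns the caller's user object.
  const { data: userData, error: userError } = await supabase.auth.getUser(token)
  if (userError || !userData.user) {
    return json({ error: 'Invalid or expired token' }, 401)
  }

  // Runs with the caller's Auth context, so Row Level Security decides which rows come back.
  const { data: rows, error: dbError } = await supabase.from('profiles').select('*')
  if (dbError) {
    return json({ error: 'Database error' }, 500)
  }
  return json({ user: userData.user.id, profiles: rows ?? [] }, 200)
}

// Wiring inside the Edge Function's index.ts (Deno), shown as a comment so this
// file also runs outside Deno:
//
//   import { createClient } from 'npm:@supabase/supabase-js@2'
//   Deno.serve((req) =>
//     handleRequest(
//       req,
//       { SUPABASE_URL: Deno.env.get('SUPABASE_URL') ?? '', SUPABASE_ANON_KEY: Deno.env.get('SUPABASE_ANON_KEY') ?? '' },
//       createClient as unknown as ClientFactory
//     )
//   )
```

The factory parameter is what makes the handler testable: in the function itself you pass supabase-js's `createClient`; in a test you pass a stub that records the Authorization header it was given and returns canned `getUser()` and `select()` results, which lets you assert that the header reaches the client unchanged and that requests without a token never create a client at all.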
See the full example on GitHub.
<$CodeSample path="/edge-functions/supabase/functions/select-from-table-with-auth-rls/index.ts" title="Select from table with auth RLS" language="typescript" />