Edge Functions

Integrating With Supabase Auth

Supabase Edge Functions and Auth.

Edge Functions work seamlessly with Supabase Auth.

Auth Context#

When a user makes a request to an Edge Function, you can use the Authorization header to set the Auth context in the Supabase client:

import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {

const authHeader = req.headers.get('Authorization')!
const supabaseClient = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_ANON_KEY') ?? '',
{ global: { headers: { Authorization: authHeader } } }
)

})

Importantly, this is done inside the Deno.serve() callback argument, so that the Authorization header is set for each request.

Fetching the user#

After initializing a Supabase client with the Auth context, you can use getUser() to fetch the user object, and run queries in the context of the user with Row Level Security (RLS) policies enforced.

import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {

const supabaseClient = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_ANON_KEY') ?? '',
{ global: { headers: { Authorization: req.headers.get('Authorization')! } } }
)

// Get the session or user object
const { data } = await supabaseClient.auth.getUser()
const user = data.user

return new Response(JSON.stringify({ user }), {
headers: { 'Content-Type': 'application/json' },
status: 200,
})

})

Row Level Security#

After initializing a Supabase client with the Auth context, all queries will be executed with the context of the user. For database queries, this means Row Level Security will be enforced.

import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'

Deno.serve(async (req: Request) => {

const supabaseClient = createClient(
Deno.env.get('SUPABASE_URL') ?? '',
Deno.env.get('SUPABASE_ANON_KEY') ?? '',
{ global: { headers: { Authorization: req.headers.get('Authorization')! } } }
)

// Database queries will have RLS policies enforced
const { data, error } = await supabaseClient.from('profiles').select('*')

return new Response(JSON.stringify({ data }), {
headers: { 'Content-Type': 'application/json' },
status: 200,
})

})

Example code#

See a full example on GitHub.

© Supabase IncContributingAuthor StyleguideOpen SourceSupaSquad

We only collect analytics essential to ensuring smooth operation of our services.

Learn more