Unexpected token '<', \"<html>\r\n<h\"... is not valid JSON When using auth.admin.createUser
For some reason I consistently get this error when trying to create a user from edge functions using auth.admin.createUser with the service role key
Anyone else experiencing this? how can I solve it?
10 Replies
Probably need to show some code.
And here the error.message is: Unexpected token '<', "<html>\r\n<h"... is not valid JSON
its actually happening also for a call to auth.admin.updateUserById, same error.meessage
Try just setting up the client inline with createClient and use URL and Service_role for the API key from the env.get call.
https://supabase.com/docs/guides/functions/auth
Also log out your service role key in your setup and make sure correct.
that is so weird
The first 2 pictures show how I set up my config and how I use it and somehow in the log the service role key has a \n at the end
That is so weird because this env variable is not even something we set up, supabase has it by default..
and actually even when doing a replace on the final string to remove it, I get the same error..
Nevermind, it seems to have been something that supabase does when logging..
So, to sum up, Ignore the above and I've validated that the authorization and url are right and I've created the client inline, but still the same error..
No surprice there btw since all other functions that I have setup using this getDBClient are all working perfectly fine, only these seem to be bad, and it seems that both of them are the only ones where I use auth.admin module
Normally when you do service client you just set the apikey to service_role. You don't do anything with the authorization header. It is set by default.
But I would expect an invalid key or user error from auth.admin calls if it was getting the anon key somehow. Not your cryptic JSON error.
What version supabase-js are you using?
Also if you just change the auth.admin call to a .from('tablename').select('*') does it work?
this yes, it does work and it works in all my other functions (I have 7 of them that run all the time making queries and inserts / updates, no problem there)
version 2.22.6
K. I've got nothing else. Searched around the web a bit and found nothing useful.
Your supabase-js is pretty old, but well after auth.admin replaced an older method.
Just wanted to make sure service_role like you are doing it works with DB operations.
I've figured it out in the end
The issue was that I was passing authorization and not Authorization in the global.headers when initializing the client
Given that request headers are usually not case sensitive and the client defaults to the caller authorization token if none is given (which was the case because of the mistake) my other functions were working and the issue only occured when trying to use admin.auth module since its only accessible to service role
So thank you for your help, turns out it was my fault in the end
I would say though that my confusion as to the case sensitivity on the global.headers is kind of justified since they are (to the best of my knowledge) never case sensitive and I do honestly think that this should either be made clear with a warning in the docs, or to make it the same as regular fetch headers
Also, I guess the error should have been more clear with an unauthorized response and clear message that it should only be accessible to service role or something like that. I don't know where the html response comes from but I guess it shouldn't be too hard to reproduce and fix now that we know the cause of the issue
thanks for the help @garyaustin 🙏