Proper way to the authorize the user in an Inngest function?

export default inngest.createFunction(
  { id: 'process' },
  { event: 'process' },
  async ({ event, step }) => {
    const { fileData, fileType } = event.data

    if (!fileData || !fileType) {
      throw new Error('No fileData or fileType provided in event payload')
    }

    const supabase = await createClient()
    const { data: user } = await supabase.auth.getClaims()

    if (!user?.claims) {
      throw new Error('No user claims provided in event payload') <<<<< FAILS (EXPECTED)
    }

    const userId = user.claims.sub

...rest

export async function POST(req: Request) {
  try {
    const supabase = await createClient()

    const { data, error: authError } = await supabase.auth.getClaims()

    if (authError || !data?.claims) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
    }

    const body = await req.json()
    const { fileData, fileType } = body

    if (!fileData || !fileType) {
      return NextResponse.json({ error: 'fileData and fileType are required' }, { status: 400 })
    }

    await inngest.send({
      name: 'process',
      data: {
        fileData,
        fileType,
      },
    })

    return NextResponse.json({
      success: true,
      message: 'Processing started',
    })
  } catch (error) {
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
  }
}