Unable to Create RLS Policy on `auth.mfa_factors`
Hello everyone,
Hope you are doing alright. I need help please!
My application's Multi-Factor Authentication (MFA) flow is not working. We have diagnosed that the
supabase.auth.mfa.listFactors() function is silently returning an empty array, which prevents users from completing
the MFA challenge.
Root Cause:
There is no RLS SELECT policy on the auth.mfa_factors table for the authenticated role.
Attempted Solutions:
We have tried every possible way to create this policy, and all have failed:
Hope you are doing alright. I need help please!
My application's Multi-Factor Authentication (MFA) flow is not working. We have diagnosed that the
supabase.auth.mfa.listFactors() function is silently returning an empty array, which prevents users from completing
the MFA challenge.
Root Cause:
There is no RLS SELECT policy on the auth.mfa_factors table for the authenticated role.
Attempted Solutions:
We have tried every possible way to create this policy, and all have failed:
- Dashboard UI: The auth schema is "Locked" and read-only in the Policy Editor UI, so we cannot add the policy there.
- SQL Editor: Running CREATE POLICY... directly in the SQL Editor fails with the error: ERROR: 42501: must be owner
of table mfa_factors. - `SECURITY DEFINER` Function: We attempted to use a SECURITY DEFINER function to escalate privileges, but this alsofails with the same must be owner permission error.Required Action:Could you please run the following SQL to create the necessary policy in our project?1 -- Enable RLS if it is not already2 ALTER TABLE auth.mfa_factors ENABLE ROW LEVEL SECURITY;3 4 -- Create the policy5 CREATE POLICY "Authenticated users can read their MFA factors"6 ON auth.mfa_factors7 FOR SELECT8 TO authenticated9 USING ((SELECT auth.uid()) = user_id);Thank you.Karl
