N
Neon11h ago
deep-jade

Clerk + Neon RLS configuration

Hello, I have setup Clerk with Neon/Drizzle but am getting RLS errors in production when I enable RLS on the Users table: 
  query: 'select "id", "clerkId", "firstName", "lastName", "email", "role", "analyticsEnabled", "errorMonitoringEnabled" from "User" where "User"."clerkId" = $1',
  params: [Array],
  [cause]: Error [NeonDbError]: Server error (HTTP status 500): "{\"message\":\"could not set up the JWT authorization database extension\",\"code\":\"\",\"detail\":null,\"hint\":null,\"position\":null,\"internalPosition\":null,\"internalQuery\":null,\"severity\":\"\",\"where\":null,\"table\":null,\"column\":null,\"schema\":null,\"dataType\":null,\"constraint\":null,\"file\":null,\"line\":null,\"routine\":null}"
      at bv.execute (.next/server/chunks/6880.js:30:3757)
      at async (.next/server/chunks/6880.js:2:12144)
      at async p.queryWithCache (.next/server/chunks/6880.js:34:10323)
      at async p.execute (.next/server/chunks/6880.js:2:12101)
      at async (.next/server/app/api/trpc/[trpc]/route.js:8:70264)
      at async bI.middlewares (.next/server/app/api/trpc/[trpc]/route.js:5:7696)
      at async bM (.next/server/app/api/trpc/[trpc]/route.js:8:69)
      at async b (.next/server/app/api/trpc/[trpc]/route.js:5:7932)
      at async (.next/server/app/api/trpc/[trpc]/route.js:1:36558) {
    severity: undefined,
    code: undefined,
    detail: undefined,
    hint: undefined,
    position: undefined,
    internalPosition: undefined,
    internalQuery: undefined,
    where: undefined,
    schema: undefined,
    table: undefined,
    column: undefined,
    dataType: undefined,
    constraint: undefined,
    file: undefined,
    line: undefined,
    routine: undefined,
    sourceError: undefined
  }
}
  query: 'select "id", "clerkId", "firstName", "lastName", "email", "role", "analyticsEnabled", "errorMonitoringEnabled" from "User" where "User"."clerkId" = $1',
  params: [Array],
  [cause]: Error [NeonDbError]: Server error (HTTP status 500): "{\"message\":\"could not set up the JWT authorization database extension\",\"code\":\"\",\"detail\":null,\"hint\":null,\"position\":null,\"internalPosition\":null,\"internalQuery\":null,\"severity\":\"\",\"where\":null,\"table\":null,\"column\":null,\"schema\":null,\"dataType\":null,\"constraint\":null,\"file\":null,\"line\":null,\"routine\":null}"
      at bv.execute (.next/server/chunks/6880.js:30:3757)
      at async (.next/server/chunks/6880.js:2:12144)
      at async p.queryWithCache (.next/server/chunks/6880.js:34:10323)
      at async p.execute (.next/server/chunks/6880.js:2:12101)
      at async (.next/server/app/api/trpc/[trpc]/route.js:8:70264)
      at async bI.middlewares (.next/server/app/api/trpc/[trpc]/route.js:5:7696)
      at async bM (.next/server/app/api/trpc/[trpc]/route.js:8:69)
      at async b (.next/server/app/api/trpc/[trpc]/route.js:5:7932)
      at async (.next/server/app/api/trpc/[trpc]/route.js:1:36558) {
    severity: undefined,
    code: undefined,
    detail: undefined,
    hint: undefined,
    position: undefined,
    internalPosition: undefined,
    internalQuery: undefined,
    where: undefined,
    schema: undefined,
    table: undefined,
    column: undefined,
    dataType: undefined,
    constraint: undefined,
    file: undefined,
    line: undefined,
    routine: undefined,
    sourceError: undefined
  }
}
Can someone please advise how I can resolve this issue? Thank you!
2 Replies
stuck-chocolate
stuck-chocolate8h ago
Hey! Have you added the pg_session_session extension? And have you set up your JWKS URL in the Neon Console? This doc might be handy to you for setting up RLS with Neon Auth : https://neon.com/docs/guides/neon-rls-clerk
Neon
Secure your data with Clerk and Neon RLS - Neon Docs
Clerk + Neon RLS Neon RLS Tutorial Manual JWT verification Simplify RLS with Drizzle Use Clerk with Neon RLS to add secure, database level authorization to your application. This guide assumes you alr...
deep-jade
deep-jadeOP7h ago
Hi Sam, yes I've added the JWKS URL from Clerk (generated using their JWT template for Neon) Let me double check regarding the pg_session_session extension I have these 2 configured on the Neon branch: 
Available JWT/session extensions:
  - pg_session_jwt v0.3.1: pg_session_jwt: manage authentication sessions using JWTs
  - pgjwt v0.2.0: JSON Web Token API for Postgresql
Available JWT/session extensions:
  - pg_session_jwt v0.3.1: pg_session_jwt: manage authentication sessions using JWTs
  - pgjwt v0.2.0: JSON Web Token API for Postgresql
I see it says: "Neon RLS is available only in private preview. Contact Support if you'd like to use it." in the docs, do I need to take any additional steps to turn RLS on in my database? I've raised a support ticket but not sure what the status of it is

Did you find this page helpful?