S
Supabase5h ago
Junaid Rasheed

Need help setting up Auth0

Hey guys, I need help understanding the way supabase recommends adding auth0. As a third party provider. In my application (Supabase + Nuxt) my user logs in successfully, but for some reason Supabase's auth.jwt() doesn't return the sub. Hence I am unable to verify the user. I need help figuring out what I am missing. In my usecase I am mostly using Supabase Client on the backend side only. So here is the code for it 
export function serverSupabaseAuth0<T = Database>(event: H3Event) {
  const config = useRuntimeConfig();

  const authHeader = getHeader(event, 'authorization') || '';

  return createClient<T>(
    config.public.supabaseUrl,
    config.public.supabaseAnonKey,
    {
      global: {
        headers: {
          Authorization: authHeader, // Auth0 token → RLS respected
        },
      },
      auth: {
        autoRefreshToken: false,
        persistSession: false,
        detectSessionInUrl: false,
      },
    }
  ) as any;
}
export function serverSupabaseAuth0<T = Database>(event: H3Event) {
  const config = useRuntimeConfig();

  const authHeader = getHeader(event, 'authorization') || '';

  return createClient<T>(
    config.public.supabaseUrl,
    config.public.supabaseAnonKey,
    {
      global: {
        headers: {
          Authorization: authHeader, // Auth0 token → RLS respected
        },
      },
      auth: {
        autoRefreshToken: false,
        persistSession: false,
        detectSessionInUrl: false,
      },
    }
  ) as any;
}
The authorization header is the accessToken being returned by the Auth0. Here is one of my RLS policies which are failing 
alter policy "Only user can insert"
on "public"."tags"
to authenticated
with check (
  (is_auth0_authenticated() AND (created_by = current_user_uuid()))
);
alter policy "Only user can insert"
on "public"."tags"
to authenticated
with check (
  (is_auth0_authenticated() AND (created_by = current_user_uuid()))
);
is_auth0_authenticated: 
SELECT (auth.jwt() ->> 'https://tiemessenger.com/role') = 'authenticated';
is_auth0_authenticated: 
SELECT (auth.jwt() ->> 'https://tiemessenger.com/role') = 'authenticated';
current_user_uuid:
  SELECT ai.user_uuid
  FROM public.auth_identities ai
  WHERE ai.auth_provider = 'auth0'
    AND ai.provider_subject = (auth.jwt() ->> 'sub');
current_user_uuid:
  SELECT ai.user_uuid
  FROM public.auth_identities ai
  WHERE ai.auth_provider = 'auth0'
    AND ai.provider_subject = (auth.jwt() ->> 'sub');
0 Replies
No replies yetBe the first to reply to this messageJoin

Did you find this page helpful?