Need help setting up Auth0

Hey guys, I need help understanding the way supabase recommends adding auth0. As a third party provider.

In my application (Supabase + Nuxt) my user logs in successfully, but for some reason Supabase's

auth.jwt()

auth.jwt()

doesn't return the

sub

sub

. Hence I am unable to verify the user. I need help figuring out what I am missing.

In my usecase I am mostly using Supabase Client on the backend side only. So here is the code for it

export function serverSupabaseAuth0<T = Database>(event: H3Event) {
  const config = useRuntimeConfig();

  const authHeader = getHeader(event, 'authorization') || '';

  return createClient<T>(
    config.public.supabaseUrl,
    config.public.supabaseAnonKey,
    {
      global: {
        headers: {
          Authorization: authHeader, // Auth0 token → RLS respected
        },
      },
      auth: {
        autoRefreshToken: false,
        persistSession: false,
        detectSessionInUrl: false,
      },
    }
  ) as any;
}

export function serverSupabaseAuth0<T = Database>(event: H3Event) {
  const config = useRuntimeConfig();

  const authHeader = getHeader(event, 'authorization') || '';

  return createClient<T>(
    config.public.supabaseUrl,
    config.public.supabaseAnonKey,
    {
      global: {
        headers: {
          Authorization: authHeader, // Auth0 token → RLS respected
        },
      },
      auth: {
        autoRefreshToken: false,
        persistSession: false,
        detectSessionInUrl: false,
      },
    }
  ) as any;
}

The

authorization

authorization

header is the accessToken being returned by the Auth0.

Here is one of my RLS policies which are failing

alter policy "Only user can insert"
on "public"."tags"
to authenticated
with check (
  (is_auth0_authenticated() AND (created_by = current_user_uuid()))
);

alter policy "Only user can insert"
on "public"."tags"
to authenticated
with check (
  (is_auth0_authenticated() AND (created_by = current_user_uuid()))
);

is_auth0_authenticated: 
SELECT (auth.jwt() ->> 'https://tiemessenger.com/role') = 'authenticated';

is_auth0_authenticated: 
SELECT (auth.jwt() ->> 'https://tiemessenger.com/role') = 'authenticated';

current_user_uuid:
  SELECT ai.user_uuid
  FROM public.auth_identities ai
  WHERE ai.auth_provider = 'auth0'
    AND ai.provider_subject = (auth.jwt() ->> 'sub');

current_user_uuid:
  SELECT ai.user_uuid
  FROM public.auth_identities ai
  WHERE ai.auth_provider = 'auth0'
    AND ai.provider_subject = (auth.jwt() ->> 'sub');

Need help setting up Auth0

auth.jwt()

auth.jwt()

doesn't return the

sub

sub

. Hence I am unable to verify the user. I need help figuring out what I am missing.

In my usecase I am mostly using Supabase Client on the backend side only. So here is the code for it

export function serverSupabaseAuth0<T = Database>(event: H3Event) {
  const config = useRuntimeConfig();

  const authHeader = getHeader(event, 'authorization') || '';

  return createClient<T>(
    config.public.supabaseUrl,
    config.public.supabaseAnonKey,
    {
      global: {
        headers: {
          Authorization: authHeader, // Auth0 token → RLS respected
        },
      },
      auth: {
        autoRefreshToken: false,
        persistSession: false,
        detectSessionInUrl: false,
      },
    }
  ) as any;
}

export function serverSupabaseAuth0<T = Database>(event: H3Event) {
  const config = useRuntimeConfig();

  const authHeader = getHeader(event, 'authorization') || '';

  return createClient<T>(
    config.public.supabaseUrl,
    config.public.supabaseAnonKey,
    {
      global: {
        headers: {
          Authorization: authHeader, // Auth0 token → RLS respected
        },
      },
      auth: {
        autoRefreshToken: false,
        persistSession: false,
        detectSessionInUrl: false,
      },
    }
  ) as any;
}

The

authorization

authorization

header is the accessToken being returned by the Auth0.

Here is one of my RLS policies which are failing

alter policy "Only user can insert"
on "public"."tags"
to authenticated
with check (
  (is_auth0_authenticated() AND (created_by = current_user_uuid()))
);

alter policy "Only user can insert"
on "public"."tags"
to authenticated
with check (
  (is_auth0_authenticated() AND (created_by = current_user_uuid()))
);

is_auth0_authenticated: 
SELECT (auth.jwt() ->> 'https://tiemessenger.com/role') = 'authenticated';

is_auth0_authenticated: 
SELECT (auth.jwt() ->> 'https://tiemessenger.com/role') = 'authenticated';

current_user_uuid:
  SELECT ai.user_uuid
  FROM public.auth_identities ai
  WHERE ai.auth_provider = 'auth0'
    AND ai.provider_subject = (auth.jwt() ->> 'sub');

current_user_uuid:
  SELECT ai.user_uuid
  FROM public.auth_identities ai
  WHERE ai.auth_provider = 'auth0'
    AND ai.provider_subject = (auth.jwt() ->> 'sub');

Need help setting up Auth0

Need help setting up Auth0

Similar Threads

Similar Threads

Similar Threads