JS SDK query call produces different results

I ran same query:

const { data: userOrgPermissions } = await supabaseUser
                .from('user_organization_role')
                .select('*, role_based_organization_access_control(*)')
                .eq('organization_id', 1)
                .eq('user_id', "xxx")
                .maybeSingle()
                .throwOnError()

const { data: userOrgPermissions } = await supabaseUser
                .from('user_organization_role')
                .select('*, role_based_organization_access_control(*)')
                .eq('organization_id', 1)
                .eq('user_id', "xxx")
                .maybeSingle()
                .throwOnError()

const { data: userOrgPermissions } = await supabaseUser
                .from('user_organization_role')
                .select('*, role_based_organization_access_control(*)')
                .eq('organization_id', 1)
                .eq('user_id', "xxx")
                .maybeSingle()
                .throwOnError()

const { data: userOrgPermissions } = await supabaseUser
                .from('user_organization_role')
                .select('*, role_based_organization_access_control(*)')
                .eq('organization_id', 1)
                .eq('user_id', "xxx")
                .maybeSingle()
                .throwOnError()

In Edge function and on the client, on the client I'm getting result I need and on the edge function I get null. I'm thinking it might be because of RLS but in my edge function I'm creating my client following way:

export const createSupabaseUserClient = (userToken: string) => createClient<Database>(
    ENV.SUPABASE_URL ?? '',
    ENV.SUPABASE_ANON_KEY ?? '',
    {
        global: {
            headers: { Authorization: userToken },
        },
    }
)

export const getUserTokenFromHonoRequest = (req: HonoRequest) => {
    const authHeader = req.header('Authorization')
    if (!authHeader) throw new Error('No Authorization header')
    const token = authHeader.replace('Bearer ', '')
    return token;
}

export const createSupabaseUserClientFromHonoRequest = (req: HonoRequest) => {
    const userToken = getUserTokenFromHonoRequest(req)
    return createSupabaseUserClient(userToken)
}

export const createSupabaseUserClient = (userToken: string) => createClient<Database>(
    ENV.SUPABASE_URL ?? '',
    ENV.SUPABASE_ANON_KEY ?? '',
    {
        global: {
            headers: { Authorization: userToken },
        },
    }
)

export const getUserTokenFromHonoRequest = (req: HonoRequest) => {
    const authHeader = req.header('Authorization')
    if (!authHeader) throw new Error('No Authorization header')
    const token = authHeader.replace('Bearer ', '')
    return token;
}

export const createSupabaseUserClientFromHonoRequest = (req: HonoRequest) => {
    const userToken = getUserTokenFromHonoRequest(req)
    return createSupabaseUserClient(userToken)
}

export const createSupabaseUserClient = (userToken: string) => createClient<Database>(
    ENV.SUPABASE_URL ?? '',
    ENV.SUPABASE_ANON_KEY ?? '',
    {
        global: {
            headers: { Authorization: userToken },
        },
    }
)

export const getUserTokenFromHonoRequest = (req: HonoRequest) => {
    const authHeader = req.header('Authorization')
    if (!authHeader) throw new Error('No Authorization header')
    const token = authHeader.replace('Bearer ', '')
    return token;
}

export const createSupabaseUserClientFromHonoRequest = (req: HonoRequest) => {
    const userToken = getUserTokenFromHonoRequest(req)
    return createSupabaseUserClient(userToken)
}

export const createSupabaseUserClient = (userToken: string) => createClient<Database>(
    ENV.SUPABASE_URL ?? '',
    ENV.SUPABASE_ANON_KEY ?? '',
    {
        global: {
            headers: { Authorization: userToken },
        },
    }
)

export const getUserTokenFromHonoRequest = (req: HonoRequest) => {
    const authHeader = req.header('Authorization')
    if (!authHeader) throw new Error('No Authorization header')
    const token = authHeader.replace('Bearer ', '')
    return token;
}

export const createSupabaseUserClientFromHonoRequest = (req: HonoRequest) => {
    const userToken = getUserTokenFromHonoRequest(req)
    return createSupabaseUserClient(userToken)
}

So this function should behave exactly same as if was called on the client, yet it doesnt

garyaustin•10/16/25, 1:23 PM

The quickest debug step is to log out userToken in your edge function.

Floppy DiskOP•10/16/25, 1:30 PM

It's present, not sure what to do later with it? Create new supabase instance on the client with it?

garyaustin•10/16/25, 1:32 PM

You decoded the token and it is a user token and not anon?

garyaustin•10/16/25, 1:34 PM

I assume you are not getting an error returned in edge function call and just null for data.

If no error then it almost certainly is RLS not returning any data with no error.

The db won't know the difference to client calls from edge or your code if the same, with the same user token.

garyaustin•10/16/25, 1:35 PM

Do you have two instances? Could your edge function be going to the wrong instance? Or local versus hosted?

Floppy DiskOP•10/16/25, 1:39 PM

Yeah, token matches user calling the edge function. I'm not getting any error. I have 2 instances, one is created with service role key for tasks that can't be handled by user

export const supabaseService = createClient<Database>(ENV.SUPABASE_URL!, ENV.SUPABASE_SERVICE_ROLE_KEY!);
export const supabaseAnon = createClient<Database>(ENV.SUPABASE_URL!, ENV.SUPABASE_ANON_KEY!);

export const createSupabaseUserClient = (userToken: string) => createClient<Database>(
    ENV.SUPABASE_URL ?? '',
    ENV.SUPABASE_ANON_KEY ?? '',
    {
        global: {
            headers: { Authorization: userToken },
        },
    }
)

export const supabaseService = createClient<Database>(ENV.SUPABASE_URL!, ENV.SUPABASE_SERVICE_ROLE_KEY!);
export const supabaseAnon = createClient<Database>(ENV.SUPABASE_URL!, ENV.SUPABASE_ANON_KEY!);

export const createSupabaseUserClient = (userToken: string) => createClient<Database>(
    ENV.SUPABASE_URL ?? '',
    ENV.SUPABASE_ANON_KEY ?? '',
    {
        global: {
            headers: { Authorization: userToken },
        },
    }
)

Floppy DiskOP•10/16/25, 1:41 PM

Tho I did same thing in NextJS project where I created supabaseService and supabaseUser and it worked as expected

garyaustin•10/16/25, 1:44 PM

Next I would turn off RLS as a test and see if the edge works.

By instances I mean two Supabase projects hosted or local with similar tables. If so log out the URL on the edge function to see if going to the instance you expect.

Floppy DiskOP•10/16/25, 1:47 PM

Ah right, I have but this function is only present on one of them. I double checked and updating response is reflected on the client.

Floppy DiskOP•10/16/25, 1:49 PM

Disabling RLS helped but why same query works differently on edge and client? Values used in both are hard coded, I can't think of a reason it could be this way

garyaustin•10/16/25, 1:50 PM

Any chance your client code is running as service_role?

garyaustin•10/16/25, 1:50 PM

You are not sending the same authorization header is the most likely case.

garyaustin•10/16/25, 1:51 PM

Look in the dashboard API Gateway logs for each request. It will show you the role and user making the call.

Floppy DiskOP•10/16/25, 1:51 PM

Any chance your client code is running as service_role?

No, it's React app and thats why Im making edge functions instead of proper back end

Look in the dashboard API Gateway logs for each request. It will show you the role and user making the call.

Sure, will see

garyaustin•10/16/25, 2:02 PM

I don't have an auth user right now but I believe the 2nd set here would show a user token and then a user id.

Floppy DiskOP•10/16/25, 2:15 PM

Yeah these are all blank for me

Floppy DiskOP•10/16/25, 2:21 PM

I checked against call made on the client and with client I'm getting auth_user: some idauth_user: some id and with edge function I'm getting null

Floppy DiskOP•10/16/25, 2:22 PM

Tho I see in this code I was using some older version of supabase (2.39.0) I'm updating it now to see if it will resolve the error

garyaustin•10/16/25, 2:27 PM

Also when I have a signed in user:

garyaustin•10/16/25, 2:27 PM

Sure seems like you are sending anon key as your token to the edge function. Or at least not setting the authorization header to that at the point of the call.

Maybe link all your source for the function.

Floppy DiskOP•10/16/25, 2:39 PM

I put everything in single file if thats what you wanted.

createSupabaseUserClientcreateSupabaseUserClient is based on https://supabase.com/docs/guides/functions/auth

And I think I got a culprit. I'm not adding BearerBearer in createSupabaseUserClientcreateSupabaseUserClient

source.ts6.11KB

Integrating With Supabase Auth | Supabase Docs

Supabase Edge Functions and Auth.

garyaustin•10/16/25, 2:40 PM

That is it.

Floppy DiskOP•10/16/25, 2:41 PM

Yeah, I just tested it. Such a stupid mistake. Thanks for help

Floppy DiskOP•10/16/25, 2:46 PM

Quick question tho, does supabase test against 10 minute mail? I can't find anything on that online and I'm getting error "Invalid email address" for mail tde11508@toaik.com (I'm testing functionality inviting user if they don't have account yet)

garyaustin•10/16/25, 2:49 PM

Are you using a custom smtp?

Floppy DiskOP•10/16/25, 2:59 PM

Oh yeah, it must be that

JS SDK query call produces different results

Similar Threads

Similar Threads

Similar Threads