Supabase3d ago
Aron

How to enforce RLS when accessing data via supabase-js?

I need to access my supabase db on behalf of a user in my middleware backend. I've got RLS set up (only the auth.user can access his rows) and I've got a valid jwt_token from my client, where the user is logged in.

Is the following approach using supabase-js the correct way to do this?

const supabase = createClient(supabaseUrl, anonKey, {
  global: {
    headers: {
      Authorization: `Bearer ${user_jwt_token}`
    }
  }
});


Apparently, I can pass the token via headers and supabase will give access to the data according to this token.

The anonKey is like a user token without actual user reference. Therefore, it will only be able to access 'unprotected' records?
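An added example, not part of the original post: Supabase takes the database role and `auth.uid()` from the JWT in the `Authorization` header, so a middleware can fail fast when the token it is about to forward carries no user identity before building the per-request options for `createClient`. It assumes the legacy JWT-format anon key (`role: "anon"`, no `sub`) and a user access token with `role: "authenticated"`; `decodeClaims`, `userScopedOptions` and the sample tokens are hypothetical names and constructed values.

```javascript
// Constructed sample tokens (dummy signature); only the payload matters here.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const makeSampleJwt = (claims) =>
  `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(claims)}.sig`;

const SAMPLE_ANON_KEY = makeSampleJwt({ iss: 'supabase', role: 'anon', exp: 4102444800 });
const SAMPLE_USER_JWT = makeSampleJwt({
  sub: '00000000-0000-0000-0000-000000000001', // constructed user id
  role: 'authenticated',
  exp: 4102444800,
});

// Decode (NOT verify) the payload. Supabase verifies the signature when the
// request arrives; this is only an early sanity check in the middleware.
function decodeClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Hypothetical helper: returns the third argument for
// createClient(supabaseUrl, anonKey, options), or throws if the token
// would leave the request running without a user (anon role, no sub).
function userScopedOptions(userJwt, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeClaims(userJwt);
  if (!claims) throw new Error('not a JWT');
  if (claims.role !== 'authenticated' || !claims.sub) {
    throw new Error('token carries no user identity');
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    throw new Error('token expired');
  }
  return {
    global: { headers: { Authorization: `Bearer ${userJwt}` } },
    // Server side: one client per request, no stored or auto-refreshed session.
    auth: { persistSession: false, autoRefreshToken: false },
  };
}
```
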