Integrating With Supabase Auth
Edge Functions work seamlessly with Supabase Auth , allowing you to identify which user called your function.
When invoking a function with one of the client libraries , the logged in user's JWT is automatically attached to the function call and becomes accessible within your function.
This is important, for example, to identify which customer's credit card should be charged. You can see this concept end-to-end in our Stripe example app .
Auth Context & RLS#
By creating a supabase client with the auth context from the function, you can do two things:
Get the user object.
Run queries in the context of the user with Row Level Security (RLS) policies enforced.
supabase/functions/select-from-table-with-auth-rls/ index.ts
_35 import { serve } from 'https://deno.land/std@0.177.0/http/server.ts'
_35 import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'
_35 serve(async (req: Request) => {
_35 // Create a Supabase client with the Auth context of the logged in user.
_35 const supabaseClient = createClient(
_35 // Supabase API URL - env var exported by default.
_35 Deno.env.get('SUPABASE_URL') ?? '',
_35 // Supabase API ANON KEY - env var exported by default.
_35 Deno.env.get('SUPABASE_ANON_KEY') ?? '',
_35 // Create client with Auth context of the user that called the function.
_35 // This way your row-level-security (RLS) policies are applied.
_35 { global: { headers: { Authorization: req.headers.get('Authorization')! } } }
_35 // Now we can get the session or user object
_35 } = await supabaseClient.auth.getUser()
_35 // And we can run queries in the context of our authenticated user
_35 const { data, error } = await supabaseClient.from('users').select('*')
_35 if (error) throw error
_35 return new Response(JSON.stringify({ user, data }), {
_35 headers: { 'Content-Type': 'application/json' },
_35 return new Response(JSON.stringify({ error: error.message }), {
_35 headers: { 'Content-Type': 'application/json' },
See the example on GitHub .
