I have a project in Supabase for a React Native mobile client. I use a custom OAuth flow where a service called Autolab manages all my auth and gives me a token, which I then convert into my own JWT on the backend. I use the JWT when initializing the Supabase client, and everything was working fine until I started doing realtime. I have proper RLS policies in place based on the custom JWT, which enables me to read/write/delete, but when it comes to realtime, only DELETE events get emitted and not INSERT.

So this is how I mint my own JWT on the backend:
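
    const jwt = require("jsonwebtoken");

    // Claims for the custom Supabase JWT; the RLS policies below read `role` via auth.jwt()
    const jwtPayload = {
      sub: autolabUser.email,
      aud: "authenticated",
      role: "authenticated",
      iat: Math.floor(Date.now() / 1000),
      exp: Math.floor(Date.now() / 1000) + 7200, // autolab token is valid for 2 hours
    };

    // Signed with the project's JWT secret (HS256 is jsonwebtoken's default for a string secret).
    // `exp` is already set in the payload, so `expiresIn` stays commented out.
    const supabaseJwt = jwt.sign(jwtPayload, process.env.SUPABASE_JWT_SECRET, {
      // expiresIn: "2h",
    });
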
I'm just using this JWT to initialize Supabase using the Authorization header:
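
    import { createClient } from "@supabase/supabase-js";

    // jwtToken is the custom JWT minted on the backend (see above)
    const supabase = createClient(
      process.env.EXPO_PUBLIC_SUPABASE_URL,
      process.env.EXPO_PUBLIC_SUPABASE_ANON_KEY,
      {
        global: {
          headers: {
            Authorization: `Bearer ${jwtToken}`,
          },
        },
      }
    );
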
When I was testing realtime events, I inserted something onto my table and found out it was not emitted. I have two policies in place for my delete, insert and read:

    create policy "Enable read for all authenticated users"
    on "public"."queue_entries"
    to public
    using (
      ((auth.jwt() ->> 'role'::text) = 'authenticated'::text)
    );

    create policy "Enable insert for all authenticated users"
    on "public"."queue_entries"
    to public
    with check (
      (( SELECT (auth.jwt() ->> 'role'::text)) = 'authenticated'::text)
    );

I'm not sure where to go from here as I couldn't find any good online resources for this problem either, so any help would be greatly appreciated! Thank you!