0

Started to use supabase and focus a bit on auth/session ...

I have a simple Node app with signInWithPassword and a endpoint getClients.

My table has a policy for SELECT

alter policy "Enable read access for all users"

on "public"."clients"

to authenticated

using (

true

);

Node, signInWithPassword:

export const loginRepository = async (email: string, password: string) => {
  const { data, error } = await supabase.auth.signInWithPassword({
    email,
    password,
  });
  if (error) throw new Error(error.message);
  return data;
};

getClients

export const getClientsRepository = async () => {
  const { data, error } = await supabase.from("clients").select();

  if (error) throw new Error(error.message);

  return data;
};

Clients table is just a table with id, name, surname, email and phone number. This is for test purpose.

I noticed when calling signInWithPassword from postman, I can then retrieve the data from everywhere (brower, postman ...)

I don't understand the behavior behind the scene ? Why supabase know me ? How this is managed ?

Following the doc, anon or publishable key authenticate the app, not the user.

I use the publishable key but same behavior with anon key.

If someone can explain or just give me the doc about that, it will be really apreciated.

Improve this question
11
  • 1
    "I can then retrieve the data from everywhere (brower, postman ...)" - given your policy, you can retrieve data from every client even without signing in. Or am I missing something here? Commented Aug 26 at 22:22
  • 1
    Did you make sure to alter table public.clients enable row level security;? Commented Aug 26 at 22:26
  • 1
    "when calling signInWithPassword from postman" - wait how did you do that exactly? What do you mean by "I have a simple Node app with signInWithPassword and a endpoint getClients."? Can you share that code please? Commented Aug 26 at 22:32
  • I edited my post to include more informations Commented Aug 27 at 8:18
  • 1
    So these loginRepository and getClientsRepository functions are located in your nodejs server code? Commented Aug 27 at 15:07
Related questions
2
Supabase - Row Level Security Policy (RLS) how to limit access with SUPABASE_ANON_KEY to authenticated user only?
2
Supabase "Auth session missing!" after verifyOtp
1
Supabase update user phone number after authentication
Load 3 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.