How to run RLS with Supabase?
Hey guys,
I made a web app with Flutterflow, Supabase and Buildship. I have RLS enabled and made policies to only allow authorized users to select, insert end update rows. My plan was to use the service_key role api key in my Buildship Supabase nodes to bypass RLS. But that does not work.
I found this on github; https://github.com/orgs/supabase/discussions/15860
What packages is Buildship using by default? Its not in the docs. Can it be that it uses auth-helpers/ssr? If so, how would you recommend I grant my backend acces to Supabase DB with RLS enabled?
GitHub
Performing administration tasks on the server side with the service...
By default, the auth-helpers/ssr do not permit the use of the service_role secret. This restriction is in place to prevent the accidental exposure of your service_role secret to the public. Since t...
8 Replies
Solution
I changed the nodes to 'with token' equivalents, now they work.
@Sleetza I'm having the same use case, and can't figure it out.
If you want to use service_role Supabase key,
what do you as API key and as a Token in BuildShip node?
In your Supabase api section there is a seperate api key for the service role. I use the token that I grab from my FF frontend via api (bearer token)
Can you please share a screenshot where do you get this Bearer token?
And I wonder, shouldn’t it have expiration period (something like a few hours or days?)
@Sleetza , sorry if I look to pushy. I’m really looking forward to find solution for my issue, and will appreciate your input a lot 🙏
Integrate Supabase DB with BuildShip – BuildShip
A unified resource to start building your backend with low-code. Dive into triggers, nodes, and step-by-step guidance to jumpstart your workflow creation.
@Gaurav Chadha , unfortunately in this article there is no information how to get Bearer Token, if the Buildhip is triggered from Supabase
And If am using node without Token, then I cannot overcome RLS
Maybe try the Supabase discord
Did you ever find a solution for this?