truffle_search
truffle_search
PostsComments
KKinde
Created by truffle_search on 5/13/2024 in #💻┃support
Kinde + Supabase
I finally figured this out and thought I'd report back: Step 1: get the kinde token 
const kindeSession = getKindeServerSession();
const kindeToken = await kindeSession.getIdToken();
const kindeSession = getKindeServerSession();
const kindeToken = await kindeSession.getIdToken();
Step 2: sign the token using the JWT secret (set your JWT secret in Supabase to be the same as your Kinde Client Secret). I used the 'jsonwentoken' package. Super simple. 
var jwt = require('jsonwebtoken');
    const secret = process.env.KINDE_CLIENT_SECRET;
    var accessToken = jwt.sign(kindeToken, secret);
var jwt = require('jsonwebtoken');
    const secret = process.env.KINDE_CLIENT_SECRET;
    var accessToken = jwt.sign(kindeToken, secret);
Step 3: Pass the signed token along with your Supabase url and key into a 'createClient' object: 
import { createClient, SupabaseClient, SupabaseClientOptions } from '@supabase/supabase-js';

interface CustomSupabaseOptions extends SupabaseClientOptions<any> {
  global?: {
    headers: {
      Authorization: string;
    };
  };
}

export const getSupabase = (access_token: string): SupabaseClient<any> => {
    const options: CustomSupabaseOptions = {
        global: {
            headers: {
                Authorization: `Bearer ${access_token}`
            }
        }
    };

    return createClient(
        process.env.NEXT_PUBLIC_SUPABASE_URL!,
        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
        options
    );
};
import { createClient, SupabaseClient, SupabaseClientOptions } from '@supabase/supabase-js';

interface CustomSupabaseOptions extends SupabaseClientOptions<any> {
  global?: {
    headers: {
      Authorization: string;
    };
  };
}

export const getSupabase = (access_token: string): SupabaseClient<any> => {
    const options: CustomSupabaseOptions = {
        global: {
            headers: {
                Authorization: `Bearer ${access_token}`
            }
        }
    };

    return createClient(
        process.env.NEXT_PUBLIC_SUPABASE_URL!,
        process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,
        options
    );
};
Step 4: Now you can make your db call with something like: 
const { data, error } = await getSupabase (token)
    .from('your_table_name')
    .select('*');
const { data, error } = await getSupabase (token)
    .from('your_table_name')
    .select('*');
Step 5: You are finally in a position to enable RLS by setting up a relation like this: (get_user_id() = user_id) where get_user_id() parses out the sub attribute of your token that contains the user name.
6 replies
KKinde
Created by truffle_search on 5/13/2024 in #💻┃support
Kinde + Supabase
@Peter (Kinde) thanks very much for your response! I was able to set up some logging, and it seems that the token that is being passed to Supabase looks like this: {"exp":2031043094,"iat":1715467094,"iss":"supabase","ref":"chxdqfnsegmawxamcxmn","role":"anon"} According to the guide, by syncing the Kinde Client Secret with the Supabase JWT Secret, I should be able to get the Kinde user_id as the 'sub' attribute in the token. I'll look into passing a token through the header as a workaround, but I'm sure I'm just missing something obvious. Again, thank you!
6 replies