Skip to main content

setAuth()

Overrides the JWT on the current client. The JWT will then be sent in all subsequent network requests.

function apiFunction(req, res) {
  // Assuming the access token was sent as a header "X-Supabase-Auth"
  const { access_token } = req.get('X-Supabase-Auth') 

  // You can now use it within a Supabase Client 
  const supabase = createClient("https://xyzcompany.supabase.co", "public-anon-key")
  const { user, error } = supabase.auth.setAuth(access_token)

  // This client will now send requests as this user
  const { data } = await supabase.from('your_table').select()
}

Parameters

  • access_tokenrequiredstring

    a jwt access token

Examples

Basic example.

This is most useful on server-side functions where you cannot log the user in, but have access to the user's access token.

function apiFunction(req, res) {
  // Assuming the access token was sent as a header "X-Supabase-Auth"
  const { access_token } = req.get('X-Supabase-Auth') 

  // You can now use it within a Supabase Client 
  const supabase = createClient("https://xyzcompany.supabase.co", "public-anon-key")
  const { user, error } = supabase.auth.setAuth(access_token)

  // This client will now send requests as this user
  const { data } = await supabase.from('your_table').select()
}

With Express.


/**
* Make a request from the client to your server function
*/
async function makeApiRequest() {
  const token = newClient.session()?.access_token

  await fetch('https://example.com/withAuth', {
     method: 'GET',
     withCredentials: true,
     credentials: 'include',
     headers: {
      'Content-Type': 'application/json',
      'Authorization': bearer, // Your own auth
      'X-Supabase-Auth': token, // Set the Supabase user
     }
  })
}

/**
* Use the Auth token in your server-side function.
*/
async function apiFunction(req, res) {
  const { access_token } = req.get('X-Supabase-Auth') 

  // You can now use it within a Supabase Client 
  const supabase = createClient("https://xyzcompany.supabase.co", "public-anon-key")
  const { user, error } = supabase.auth.setAuth(access_token)

  // This client will now send requests as this user
  const { data } = await supabase.from('your_table').select()
}