-
-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Supabase Storage API Session is None in FastAPI with AuthBearer #869
Comments
This is likely more related to how FastAPI handles requests than the library itself. You should use some sort of persistent storage setup with FastAPI as sessions aren't shared between requests. |
Got it thanks! |
I was having a kinda of a similar issue where I only send the access_token to the backend and I would just have RLS problems when communicating with the supabase db. Because the only way to set the session in the backend is by using the after lot's of searching a solution that helped my was the following client = await create_async_client(
settings.SUPABASE_PROJECT_URL,
settings.SUPABASE_API_KEY,
options=ClientOptions(headers={"Authorization": f"Bearer {access_token}"}),
) which is basically when creating the client you have to pass the access_token like the above example, it would help with communicating with the supabase api's. But still even with that the idk if that helps |
Hi, Many thanks for answering.
Thanks for your answer |
This is not just a FastAPI issue is a supabase issue. I am sending an access token from my client to my server and setting the client as you would expect: options = ClientOptions(
headers={
"Authorization": f"Bearer {auth_token}",
"Content-Type": "application/json"
},
)
supabase_user = create_client(
os.environ.get('SUPABASE_URL', ''),
os.environ.get('SUPABASE_ANON_KEY', ''),
options=options
)
user = supabase_user.auth.get_user()
print(f"This doesnt work, User: {user}")` // This is None
user = supabase_user.auth.get_user(auth_token)
print(f"This works, User: {user}") All RLS policies work as expected. |
@lukajose This is the correct behavior. Setting the Authorization header doesn't set a session, it only passes that Authorization header to the API per request. |
Yeah that would be helpful, the current client is a bit confusing. I would expect the client to just return the user without passing the token. How would you set the session then?.
|
Bug report
Describe the bug
I am using supabase-py with fastapi.
I made a login endpoint that uses sign_in_with_password():
It returns access_token and refresh_token that then I save on my client. My client does requests with the access_token and I use an
AuthBearer on fastapi to validate the token and get current user on every endpoint I have:
When using storage api and being logged in, session is None so consequent storage requests give errors.
There are files in there.
I made a sample file to test:
and this gives correct info!
Maybe I am doing something wrong?
Many thanks
Bruno
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Expected behavior
supabase-py should maintain the session after authentication, allowing storage API calls to succeed as they do in the standalone script.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: