Supabase Auth
Auth using a Supabase Access Token (JWT)
This block allows you to check that an incoming request is from a logged in Supabase user. If it is not, it will return a 401 Unauthorized response.
If it is, you can then use the claims in the JWT to further authorize the request. For example, you can check for a specific user or that the user has the correct role or that they have access to a specific resource.
To check for a claim enter the json path as the key and the expected value as the value in the Custom Claim Validation parameter. If the claim is not present or does not match the expected value, the block will not authorise the trigger.
If you want to check if a claim is one of a list of values, you can enter a json array of the values (eg. ["name@example.com", "user@example.com"]) and if the claim is present and one of the values in the array, the block will authorise the trigger. You can also build an array directly on the tree if you expose the parameter as a Data Structure.
Parameters
| Parameter | Parameter | Valid Blocks | Required |
|---|---|---|---|
Supabase Project URL | Your Supabase project URL, eg: https://yourprojecturl.supabase.co | Text Block Group | Yes |
Supabase Anon API Key | Your anon/public Supabase API Key | Secret Block Group | Yes |
Optional Custom Auth Header Name | The name of the header that contains the Supabase User Token (JWT). A header named `Authorization` is the default value and it expects the value of this header to be a JWT prefixed by `Bearer` | Text Block Group | No |
Custom Claim Validation (optional) | A list of claims to validate on the Supabase JWT. If any of the claims are not present or do not match the expected value, the block will not authorise the trigger. | Data Structure Block Group | No |