1

I was looking for a way to implement RBAC in Supabase, then I stumbled upon this. However, when I try to run set_claim in a trigger function which runs on insert of a new user, I get an error that the function doesn't exist.

There is an open issue here, but I was wondering if anyone can help, even with some workaround.

ERROR: [screenshot not included]

FUNCTIONS: [screenshot not included]

TRIGGER: [screenshot not included]

ProllyGeek

2 Answers

1

I wrote that custom claims repo, and it sounds like you don't have the functions installed correctly. Did you copy the contents of the install.sql file and run that in the Query Editor screen of your Supabase dashboard? That should solve your issue.

Mark Burggraf
  • Hi Mark. Thanks for the fast response and the great library you have developed. I actually installed the library, and ran the functions successfully inside a query, so I am not sure if I missed something else. The other point: it is not only me who complains about that; maybe you can have a look at the repo's open issues. Basically, the functions can't be seen inside triggers – ProllyGeek Nov 07 '22 at 14:32
  • Triggers don't run in the context of the user session, so claims are not applicable there. You can, however, get at the claims inside the database by looking at the app_metadata for the user, and this should be an attribute of the NEW object inside a trigger if you need it. – Mark Burggraf Nov 08 '22 at 17:09
1

I see you're trying to update the JWT metadata. I was struggling with the same thing and a solution for this is to not use the set_claims function, but run the updates inside this function.

In this case the user_role is ROLE_NAME, but it can be replaced or selected from a different table. The NEW.user_id is the current record's user_id field value. Make sure you run this after the new record is created, or after update.

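BEGIN
  -- Merge the role into the user's app metadata.
  -- jsonb_build_object takes the plain text value; double quotes inside the
  -- literal would be stored as part of the role name.
  UPDATE auth.users
     SET raw_app_meta_data =
         coalesce(raw_app_meta_data, '{}'::jsonb) ||
         jsonb_build_object('user_role', 'ROLE_NAME')
   WHERE id = NEW.user_id;
  RETURN NEW;
END;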
Tyler2P
  • My app signup page has options to choose a role. Is it possible to set the role based on selected option? If user selected A then the role would be `TEACHER` otherwise `STUDENT`. – abiieez Jul 28 '23 at 03:50
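
A fuller version of the trigger approach from the second answer, as an added example that is not part of the original posts or of the custom claims repo: the role is read from a table that client roles cannot write to, and the trigger function is SECURITY DEFINER with a pinned search_path so every object it touches is schema-qualified. The table public.user_roles, the function and trigger names, and the TEACHER/STUDENT allow-list are assumptions for illustration; it also assumes the function is created by a role that may update auth.users.

```sql
-- Added example; table, function and trigger names are hypothetical.
-- Role assignments live in a table that client-facing roles cannot touch,
-- so a role is never taken directly from data the user controls.
create table if not exists public.user_roles (
  user_id uuid primary key references auth.users (id) on delete cascade,
  role    text not null check (role in ('TEACHER', 'STUDENT'))  -- allow-list
);

-- RLS enabled with no policies: anon/authenticated clients get no access.
alter table public.user_roles enable row level security;
revoke all on public.user_roles from anon, authenticated;

-- SECURITY DEFINER lets the trigger update auth.users with the function
-- owner's privileges. The empty search_path means only schema-qualified
-- names (plus pg_catalog built-ins) resolve, so lookups cannot be redirected.
create or replace function public.sync_user_role()
returns trigger
language plpgsql
security definer
set search_path = ''
as $$
begin
  update auth.users
     set raw_app_meta_data =
         coalesce(raw_app_meta_data, '{}'::jsonb)      -- tolerate NULL metadata
         || jsonb_build_object('user_role', new.role)  -- merge, keep other keys
   where id = new.user_id;
  return new;
end;
$$;

-- Fire after the row exists, on insert and whenever the role changes.
drop trigger if exists user_roles_sync on public.user_roles;
create trigger user_roles_sync
  after insert or update of role on public.user_roles
  for each row execute function public.sync_user_role();

-- Check: the role should now appear in the user's app metadata.
-- select id, raw_app_meta_data -> 'user_role' from auth.users;
```

The new role reaches the client only in tokens issued after the update, so an existing session keeps its old claims until it refreshes.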