Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot access request.jwt.claims when running Postgres 13 or lower #3

Closed
reaganmac opened this issue Jul 21, 2022 · 1 comment
Closed

Cannot access request.jwt.claims when running Postgres 13 or lower #3

reaganmac opened this issue Jul 21, 2022 · 1 comment

Comments

@reaganmac
Copy link

Hi,

I've discovered that if your instance on Supabase was created a while ago, it might not be running Postgres 14. If that is the case, then trying to access request.jwt.claims will not work, as the name for the parameter has changed (to see what version of Postgres your instance is running, you can execute show server_version in the SQL Editor).

If that is the case, the functions in install.sql will need to be altered.

I had to change the body of is_claims_admin to the following:

CREATE OR REPLACE FUNCTION is_claims_admin() RETURNS "bool"
  LANGUAGE "plpgsql" 
  AS $$
  BEGIN
    IF session_user = 'authenticator' THEN
      --------------------------------------------
      -- To disallow any authenticated app users
      -- from editing claims, delete the following
      -- block of code and replace it with:
      -- RETURN FALSE;
      --------------------------------------------
      IF extract(epoch from now()) > coalesce((current_setting('request.jwt.claim.exp', true)::jsonb), '0')::numeric THEN
        return false; -- jwt expired
      END IF; 
      IF coalesce((current_setting('request.jwt.claim.app_metadata', true)::jsonb)->'claims_admin', 'false')::bool THEN
        return true; -- user has claims_admin set to true
      ELSE
        return false; -- user does NOT have claims_admin set to true
      END IF;
      --------------------------------------------
      -- End of block 
      --------------------------------------------
    ELSE -- not a user session, probably being called from a trigger or something
      return true;
    END IF;
  END;
$$;

Similarly, I altered get_my_claims() to:

CREATE OR REPLACE FUNCTION get_my_claims() RETURNS "jsonb"
    LANGUAGE "sql" STABLE
    AS $$
  select 
  	coalesce(nullif(current_setting('request.jwt.claim.app_metadata', true), '')::jsonb, '{}'::jsonb)::jsonb
$$;

and get_my_claim() becomes

CREATE OR REPLACE FUNCTION get_my_claim(claim TEXT) RETURNS "jsonb"
    LANGUAGE "sql" STABLE
    AS $$
  select 
  	coalesce(nullif(current_setting('request.jwt.claim.app_metadata', true), '')::jsonb -> claim, null)
$$;

I think this could be solved in the install.sql file by checking the version number in these function definitions, perhaps with

IF coalesce((select current_setting('server_version_num', true))::int, 0) < 140000 THEN ...

or something similar.
@burggraf
Copy link
Contributor

burggraf commented Nov 8, 2022

Thanks for this.

@burggraf burggraf closed this as completed Nov 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@burggraf @reaganmac