Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Table INSERT subscriptions fail with Error 401: Not Unauthorized #1107

Open
vyknight opened this issue Sep 6, 2023 · 12 comments
Open

Table INSERT subscriptions fail with Error 401: Not Unauthorized #1107

vyknight opened this issue Sep 6, 2023 · 12 comments
Labels
bug Something isn't working

Comments

@vyknight
Copy link

vyknight commented Sep 6, 2023

Describe the bug

I've subscribed to inserts on a table using the supabase api, when I add a row into that same table on the supabase web interface I receive notice that a change has occurred but not the content of the row that was inserted. I've ensured that the table has been added to the supabase-realtime channel just like the guide. I have tried to disable/enable RLS, giving all permissions to both anon and public roles, and also tried to use the api service key. None of these resolved the 401: unauthorized error.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

Code to subscribe to channel, which I copied from the API tab on the web interface.

const { createClient } = require('@supabase/supabase-js')

const supabase = createClient(process.env.SUPABASE_URL, process.env.SUPABASE_KEY)

const coachMessages = supabase.channel('custom-insert-channel')
  .on(
    'postgres_changes',
    { event: 'INSERT', schema: 'public', table: 'coach_messages' },
    (payload: any) => {
      console.log('Change received!', payload)
    }
  )
  .subscribe()

console.log(coachMessages)

and the error:

image

Row insertion and database actions are done using the supabase web interface.

Expected behavior

A clear and concise description of what you expected to happen.

The payload to contain the row that was just inserted in the payload.new property.

System information

  • OS: macOS
  • Browser: Firefox
  • Version of supabase-js: 2.33.1
  • Version of Node.js: 18.16.0
@vyknight vyknight added the bug Something isn't working label Sep 6, 2023
@saltcod saltcod transferred this issue from supabase/supabase Sep 7, 2023
@iamgmd
Copy link

iamgmd commented Sep 11, 2023

I am experiencing the same problem in 2.33.2. Is there a fallback version I can use until this bug is fixed?

btw.. I am using @nuxtjs/supabase and therefore const supabase = useSupabaseClient(); to create the subscription. I assume that it is a wrapper around @supabase/supabase-js.

@mfissehaye
Copy link

I am having the same problem.

@iamgmd
Copy link

iamgmd commented Sep 11, 2023

Ok, I think I got this to work but I am not sure as to why, maybe someone who is advanced in this topic maybe able to shed some light.

I turned off RLS for the table followed by:

grant select on table to anon;

as documented in Bring your own database

after I did that, I get the payload.

UPDATE: I needed both anon and authenticated for my shopping cart so:

grant select on transactions to anon, authenticated;

@mfissehaye
Copy link

mfissehaye commented Sep 12, 2023

Ok, I think I got this to work but I am not sure as to why, maybe someone who is advanced in this topic maybe able to shed some light.

I turned off RLS for the table followed by:

grant select on table to anon;

as documented in Bring your own database

after I did that, I get the payload.

UPDATE: I needed both anon and authenticated for my shopping cart so:

grant select on transactions to anon, authenticated;

That makes it work. Thank you.

@vyknight
Copy link
Author

Ok, I think I got this to work but I am not sure as to why, maybe someone who is advanced in this topic maybe able to shed some light.

I turned off RLS for the table followed by:

grant select on table to anon;

as documented in Bring your own database

after I did that, I get the payload.

UPDATE: I needed both anon and authenticated for my shopping cart so:

grant select on transactions to anon, authenticated;

This worked for me as well, thank a lot.

@johnsutor
Copy link

Make sure you have the Authorization header set on the webhook as well, as that can cause a 401

@peterj
Copy link

peterj commented Dec 9, 2023

The "Missing grants" section in the troubleshooting docs helper me fix this issue: https://supabase.com/partners/integrations/prisma#troubleshooting

@yellow-mi
Copy link

I get an error when I try to set anon for my table, any other workaround?

@HStromfelt
Copy link

I am hitting this problem as well.

I am watching for UPDATEs like so:

...
.on(
  "postgres_changes", { schema: "public", table: "Feed", event: "UPDATE" },
  (payload) => console.log("UPDATE", payload)
)
.subscribe()

All of my requests are via an authenticated client, so I only worry about the authenticated role.

I am finding that if I do not run grant select on "public"."Feed" to authenticated; then I get the 401 error, regardless of whether RLS is enabled for the given table.

If I run the grant command, then if RLS is enabled, the events don't fire -> now nothing gets console logged.
If I remove RLS, then the events fire properly, without the 401 error.

I am not sure why RLS would block the event like that - my only guess would be that the RLS is too restrictive, but this is my RLS policy:

create policy "policy_name"
on "public"."Feed"
as PERMISSIVE
for ALL
to authenticated
using (
  true
);

so I am being as insecure as possible with my RLS policy.

@pablojsx
Copy link

Same:

image

@yethuhlaing
Copy link

Ok, I think I got this to work but I am not sure as to why, maybe someone who is advanced in this topic maybe able to shed some light.

I turned off RLS for the table followed by:

grant select on table to anon;

as documented in Bring your own database

after I did that, I get the payload.

UPDATE: I needed both anon and authenticated for my shopping cart so:

grant select on transactions to anon, authenticated;

Thanks! That solves the problem.

@w3b6x9 w3b6x9 transferred this issue from supabase/supabase-js Jul 22, 2024
@amrsanu
Copy link

amrsanu commented Jan 7, 2025

Ok, I think I got this to work but I am not sure as to why, maybe someone who is advanced in this topic maybe able to shed some light.

I turned off RLS for the table followed by:

grant select on table to anon;

as documented in Bring your own database

after I did that, I get the payload.

UPDATE: I needed both anon and authenticated for my shopping cart so:

grant select on transactions to anon, authenticated;

Please explain the steps to run above command I am also seeing same issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

10 participants