You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The PostgREST release notes document some changes to the way GUC variables are handled here.
Supabase has created a config flag in the Dashboard to ensure that this will not be a breaking change. These changes are required before you can upgrade to PostgreSQL 14+, or use Realtime RLS.
Supabase has already updated all the default auth functions (auth.uid(), auth.role() and auth.email()), however we have no way of updating functions which we have not written ourselves.
Affected
Any project that have custom auth functions or generally any function that use legacy GUC naming convention to access JWT claims (eg current_setting('request.jwt.claims.XXX', true).
This change is required for PostgreSQL 14+.
This change is required for Realtime row level security
Unaffected
New projects
Existing projects who haven't written custom auth functions.
How to update
You need to update all functions that are using the legacy GUC naming convention (current_setting('request.jwt.claims.XXX', true)) to use the new convention (current_setting('request.jwt.claims', true)::json->>'XXX').
After you have made this change, you can safely
Example
For example, Supabase rewrote the auth.role() functions like this, to handle both legacy and new:
-- PREVIOUSLYcreate or replacefunctionauth.role()
returns text
language sql stable
as $$
select current_setting('request.jwt.claim.role', true)::text;
$$;
-- UPDATED FUNCTION TO HANDLE NEW GUC NAMING SCHEMEcreate or replacefunctionauth.role()
returns text
language sql stable
as $$
select
\tcoalesce(
\t\tcurrent_setting('request.jwt.claim.role', true),
\t\t(current_setting('request.jwt.claims', true)::jsonb ->>'role')
\t)::text
$$;
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
System updates
All projects
New projects
Manual Changes Required
Update custom auth functions
Details
The PostgREST release notes document some changes to the way GUC variables are handled here.
Supabase has created a config flag in the Dashboard to ensure that this will not be a breaking change. These changes are required before you can upgrade to PostgreSQL 14+, or use Realtime RLS.
Supabase has already updated all the default auth functions (
auth.uid()
,auth.role()
andauth.email()
), however we have no way of updating functions which we have not written ourselves.Affected
auth
functions or generally any function that use legacy GUC naming convention to access JWT claims (egcurrent_setting('request.jwt.claims.XXX', true)
.Unaffected
auth
functions.How to update
You need to update all functions that are using the legacy GUC naming convention (
current_setting('request.jwt.claims.XXX', true)
) to use the new convention (current_setting('request.jwt.claims', true)::json->>'XXX'
).After you have made this change, you can safely
Example
For example, Supabase rewrote the
auth.role()
functions like this, to handle both legacy and new:Beta Was this translation helpful? Give feedback.
All reactions