Improve documentation
Link
https://supabase.com/dashboard/project/EXAMPLE/functions/hello-world/details (Replace EXAMPLE and hello-world)
Describe the problem
The page describes the following command:
curl -L -X POST 'https://EXAMPLE.supabase.co/functions/v1/hello-world' \
-H 'Authorization: Bearer SUPABASE_PUBLISHABLE_KEY' \
-H 'apikey: SUPABASE_PUBLISHABLE_KEY' \
-H 'Content-Type: application/json' \
--data '{"name":"Functions"}'
which results in the following error:
{"code":"UNAUTHORIZED_INVALID_JWT_FORMAT","message":"Invalid JWT"}
Describe the improvement
According to https://supabase.com/docs/guides/functions/auth#understanding-authorization-headers
A common mistake is sending a publishable or secret key as a bearer token
...
The new API keys are not JWTs. The platform check can't validate them, and your handler can't verify them as JWTs either. Instead, put API keys in the apikey header.
You can send both headers together. A signed-in user calling your function through supabase-js, for example, sends their session JWT in Authorization and the project's publishable key in apikey.
I suggest changing the ${keyValue} in the Authorization header to <JWT-TOKEN> or simply replacing it with an explanation for verify_jwt=false.
Improve documentation
Link
https://supabase.com/dashboard/project/EXAMPLE/functions/hello-world/details (Replace EXAMPLE and hello-world)
Describe the problem
The page describes the following command:
which results in the following error:
{"code":"UNAUTHORIZED_INVALID_JWT_FORMAT","message":"Invalid JWT"}Describe the improvement
According to https://supabase.com/docs/guides/functions/auth#understanding-authorization-headers
I suggest changing the
${keyValue}in theAuthorizationheader to<JWT-TOKEN>or simply replacing it with an explanation forverify_jwt=false.