How to get access token from Supabase auth?

Hi,
Im trying to use the graphQL endpoint of Supabase with the Supabase Auth plugin. In order to fetch the graphQL endpoint on behalf of a user I need to provide Bearer auth header similar as what this example project is doing:

The question is how do I get such Bearer access token with Weweb Supabase auth?

Thank You!

@liweihan I’m not sure if I’m doing it right either, but while reviewing the cookies created by WeWeb, I was able to find a “sb-access-token” if I was logged in as a Supabase user. This cookie is not present if the user is anonymous. I wrote some JS to check for and pull out this cookie’s value if present and I have been able to pass it in the Authorization header successfully to a Supabase Edge Function. Note that I’ve only tested this while in the editor. I haven’t published an app yet so I haven’t tested in that context.

WeWeb smart people: is using the “sb-access-token” access a good idea or a bad idea?

1 Like

Hi, you can access it from wwLib.wwPlugins.supabaseAuth.settings.publicData.apiKey

It’s the public api key so you can access it from the public settings of the plugin.

@liweihan You could use the cookie but it’s not a great idea because we could update it and create unpredictable regression in your project (and we will because we recently found a limitation, we will attach a project id to the cookie name)

2 Likes

Thank you @Alexis ! Is there some place where all settings in wwLib / wwPlugins are listed? I tried looking around https://developer.weweb.io/ but had no luck.

The documentation is planned to be rewrite to have much more information.
In this specific usecase, this is link to the plugin itself, so i am taking note that having dev document for plugin is also a think to have in mind :slight_smile:

2 Likes

This works, thank you all!

apiKey is static so that’s actually not what Im looking for. access token which starts with Bearer is what Im looking for.

@liweihan were you able to figure out where to find the access token?

check out this other discussion i started: