mirror of
https://github.com/supabase/supabase.git
synced 2026-05-22 17:00:43 +08:00
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Docs update.

## What is the current behavior?

The "Securing Edge Functions" guide (`/docs/guides/functions/auth`) opens with two conceptual sections — "Understanding authorization headers" and "The `verify_jwt` platform check" — followed by a "Common auth patterns" section that re-implements the same four use cases twice: once without an SDK using `Deno.serve` + manual `createClient` + manual `Authorization` header forwarding, and again using `@supabase/server`. The recommended path is buried below background reading and a legacy-style implementation.

Linear: COM-235.

## What is the new behavior?

The guide now leads with practical how-tos built on `@supabase/server`:

- Authenticated user calls (`auth: 'user'`)
- Service-to-service calls (`auth: 'secret'`)
- Public functions (`auth: 'none'`)
- External webhooks (`auth: 'none'` + signature verification)
- Combining modes
- Custom error responses
- Environment variables

The two conceptual sections are extracted into a new sibling page at `/docs/guides/functions/auth-headers` ("Authorization headers"), linked from the top of the how-to page and added to the side nav between "Securing your functions" and "Legacy JWT secret".

The legacy SDK-less examples are removed. The mode table uses the unnamed forms (`'secret'`, `'publishable'`), and a note in the service-to-service section introduces the `'secret:<name>'` / `'publishable:<name>'` syntax for callers that want to scope to a specific named key.

## Additional context

Each section preserves the "who calls this and why" framing from the original (cron jobs, workers, and `pg_net` for service-to-service; `supabase.functions.invoke` for authenticated user calls; signed webhook providers for external webhooks).
## Summary by CodeRabbit

* **Documentation**
  * Added a new guide explaining Edge Functions authentication headers, JWT validation, and API key handling
  * Redesigned core authentication guide to focus on the primary wrapper approach with clearer examples and common scenarios
  * Improved navigation and added redirects to make authentication docs easier to find and access

---------

Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>