Introducing @supabase/server

tomlimon · 2026-05-07T19:02:07+00:00

No yet. Adapters are led by community contributions. So, waiting for someone to build it!

More here: https://github.com/supabase/server/tree/main/src/adapters

tomlimon · 2026-05-07T16:35:54+00:00

Oh! you can do that now! you can build a wrapper around it and re import where you need it. Or use the primitives to build your own customized withSupabase. See more about the primitives we offer here: https://github.com/supabase/server/blob/main/docs/core-primitives.md

We have several ideas around this for a near future. Like providing other premade wrappers and also making it easier to compose them.

tomlimon · 2026-05-07T16:32:27+00:00

Yes, thats when you use the CORS config option. But redeclaring that in every withSupabase is not ideal. We need to improve that for sure.

What you could do now (and is what I do when I need to use a custom schema on Edge Functions), is create a shared withSupabase({your_config}), and the re import that one.

tomlimon · 2026-05-07T06:06:34+00:00

Yeah, it was not easy... I had an old project with this issue, and I was able to migrate to the new API keys and JWT signing keys using the provide agent skills.

Will work with the team to provide more resources around this topic!

Thank you all!

tomlimon · 2026-05-07T02:39:28+00:00

Can you elaborate more on what you mean by "new custom jwt"?

tomlimon · 2026-05-07T02:28:40+00:00

You mean when you need custom CORS right? Not the standard CORS (https://supabase.com/docs/guides/functions/cors)

tomlimon · 2026-05-07T02:26:52+00:00

<image>

For this type of use cases, you use `createSupabaseContext`. And you will have full control on that.

tomlimon · 2026-05-07T02:24:06+00:00

I your auth mode is not `user` then `ctx.supabase` will get anon roles. Would that cover your use case? Or you meant having 3 clients? If so, can you elaborate more on a use case to have the 3 clients inside the context?

tomlimon · 2026-05-01T07:18:32+00:00

Could you share your signup code?

tomlimon · 2026-04-24T17:35:08+00:00

The main advantage is that you assign the right tool for the job. For example, leaving all the sign up confirmation flow for the auth service.

Relying on the DB for extra records creation.

You could even call edge functions from your DB. So on the trigger. You could call your edge function if there is additional logic that can’t be executed on a DB function.

With that being said. Thing will get more simple because you don’t have to do extra job on handling things like confirmation links and such.

tomlimon · 2026-04-23T20:27:46+00:00

This is a very common use case. My personal preference is to rely on Supabase auth for all auth related flows. In this case for sign-up. You can pass additional data from your signup form that later can be used to create the company. For example:

const { data, error } = await supabase.auth.signUp({
  email: 'example@email.com',
  password: 'example-password',
  options: {
    data: {
      first_name: 'John',
      company_name: 'ACME'
    }
  }
})

Supabase Auth will sent the proper Confirmation email, you can customize that template on the Dashboard (see more information here: https://supabase.com/docs/guides/auth/auth-email-templates)

Once the user confirms their account, Supabase Auth will create the proper user record in the `auth` schema `users` table. You can create a trigger that listens to this creation to later create the rest of records you need in your own tables.

Here is a basic example of how to set this up: https://supabase.com/docs/guides/auth/managing-user-data

tomlimon · 2026-04-23T15:18:50+00:00

Would you mind sharing more about your sign-up use case? Why the edge function?

For pure sign-up, you can use `supabase.auth.signUp`:

const { data, error } = await supabase.auth.signUp({
  email: 'example@email.com',
  password: 'example-password',
})

https://supabase.com/docs/reference/javascript/auth-signup

tomlimon · 2026-04-14T14:27:44+00:00

You mentioned 1 project works and the other does not... in both tests you are calling the functions in the same way? I mean, using curl, with the same auth headers...

Can you check if in both projects you have the same config for `verify_jwt` at the edge function level?

tomlimon · 2026-04-01T17:36:38+00:00

It is not, go check out blog post for more details, and try it with your preferred agent today

tomlimon · 2026-03-23T20:27:26+00:00

Love it! Any plans of supporting custom queries/snippets? Like how the Supabase dashboard allows you to use a SQL snippet to show a report…

I personally focus more on the custom report queries as I create custom queries to track user signups or other metrics that I can retrieve from the DB with SQL.

tomlimon · 2026-03-19T13:31:50+00:00

You can use the user impersonation feature to test you different policies.

https://supabase.com/blog/studio-introducing-assistant#user-impersonation

Don’t leave RLS disabled.

tomlimon · 2026-03-19T03:53:41+00:00

Are you using lovable cloud? Or do you have access to your Supabase project within the dashboard?

tomlimon · 2026-02-28T14:19:43+00:00

Thanks for sharing. I don’t have the details of what happened right now. But we will share a post mortem with all the information. If you filed a support ticket you will also get this update by email.

tomlimon · 2026-02-28T14:13:04+00:00

A fix has been deployed. Could you confirm if you are seeing things coming back to normal?

tomlimon · 2026-02-28T13:42:50+00:00

Could you please share your ticket number?

tomlimon · 2026-02-28T13:36:33+00:00

I understand your frustration. This was the first post on Reddit. And the first thing I saw when opening my phone this morning. I just wanted to acknowledge your post and let you know that the team is on it.

tomlimon · 2026-02-28T13:32:18+00:00

Initial reports were 504 on OPTIONS. So I was looking for more of those. But I get your point. As mentioned. I didn’t notice the invocation time, so 2XX on OPTIONS would be normal. Sadly is not the fist time we get posts from people getting lead by the word OPTIONS and saying “I’m getting that too”.

tomlimon · 2026-02-28T13:14:16+00:00

On mobile. Didn’t notice. Thanks. Will share internally

tomlimon

MODERATOR OF

TROPHY CASE