v2: Custom JWT -> Broken implementation

[jmedellinc]

Bug report

Custom JWT's in v2 don't work

Describe the bug

The bug and a semi-workaround is documented in
supabase/supabase-js#553

I say semi, because for actually refreshing the JWT, the authorization headers must be refreshed in two places:
this.supabase.headers.Authorization = Bearer ${supabaseToken};
this.supabase.auth.headers.Authorization = Bearer ${supabaseToken};

To Reproduce

I'ts all in the bug
supabase/supabase-js#553

Expected behavior

I was waiting to see if custom JWT's were dropped as being supported, but now that v2 has been released, and that the migration docs show a "way" to use custom JWT's
https://supabase.com/docs/reference/javascript/upgrade-guide#use-a-custom-access_token-jwt-with-supabase
I guess it's the intention to support such feature.. Which clearly is broken..

Happy to help with any more info that may be needed

[jmedellinc]

Turns out I was missing another place where the JWT needs updating:

this.supabase.rest.headers.Authorization = `Bearer ${supabaseToken}`;

Also here are the two patches needed for typescript to pass the typings checks..

diff --git a/node_modules/@supabase/supabase-js/dist/module/SupabaseClient.d.ts
b/node_modules/@supabase/supabase-js/dist/module/SupabaseClient.d.ts
index aba674b..61aad59 100644
--- a/node_modules/@supabase/supabase-js/dist/module/SupabaseClient.d.ts
+++ b/node_modules/@supabase/supabase-js/dist/module/SupabaseClient.d.ts
@@ -20,12 +20,12 @@ export default class SupabaseClient<Database = any, SchemaName extends string &
     protected authUrl: string;
     protected storageUrl: string;
     protected functionsUrl: string;
-    protected realtime: RealtimeClient;
-    protected rest: PostgrestClient<Database, SchemaName>;
+    public realtime: RealtimeClient;
+    public rest: PostgrestClient<Database, SchemaName>;
     protected storageKey: string;
     protected fetch?: Fetch;
     protected changedAccessToken: string | undefined;
-    protected headers: {
+    public headers: {
         [key: string]: string;
     };
     /**

diff --git a/node_modules/@supabase/gotrue-js/dist/module/GoTrueClient.d.ts b/node_modules/@supabase/gotrue-js/dist/module/GoTrueClient.d.ts
index 40bb4e4..510fe80 100644
--- a/node_modules/@supabase/gotrue-js/dist/module/GoTrueClient.d.ts
+++ b/node_modules/@supabase/gotrue-js/dist/module/GoTrueClient.d.ts
@@ -34,7 +34,7 @@ export default class GoTrueClient {
     protected initializePromise: Promise<InitializeResult> | null;
     protected detectSessionInUrl: boolean;
     protected url: string;
-    protected headers: {
+    public headers: {
         [key: string]: string;
     };
     protected fetch: Fetch;

[mahapo]

+1 Needed for this example https://docs.moralis.io/docs/web3-supabase-authentication#make-client-side-requests-using-the-jwt

[hf]

Honestly not sure exactly where this issue belongs -- but let's see if gotrue-js is the right one.

[hf]

Closing due to inactivity. Not sure what this issue is trying to explain? Please re-open if still relevant.