You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The graphql endpoint for my project returns 401 {"message":"invalid signature"} when I use any user's session access_token as described in the docs. I can access the graphql endpoint from the https://supabase.com/dashboard/project//api/graphiql when impersonating that user.
Quickstart docs at https://supabase.com/docs/guides/graphql also show /v1 in the url but my project's url clearly has no /v1https://supabase.com/dashboard/project/<projectid>/api/graphiql. The quickstart docs link have a broken link to api, https://supabase.com/docs/guides/graphql#api-key-api_key
The graphiql explorer doesn't show the apiKey in the Headers section.
The graphql query that the explorer makes doesn't show the apiKey header.
The text was updated successfully, but these errors were encountered:
I was using the url, https://api.supabase.com/platform/projects//api/graphql from the graphiql explorer instead of https://.supabase.co/graphql/v1. I'm curious why this URL won't work when I see it in the browser.
The return from the /api/graphl etc endpoints should be a lot clearer than "invalid signature".
Bug report
Describe the bug
The graphql endpoint for my project returns 401 {"message":"invalid signature"} when I use any user's session access_token as described in the docs. I can access the graphql endpoint from the https://supabase.com/dashboard/project//api/graphiql when impersonating that user.
To Reproduce
JS code
output is
Expected behavior
I expect to have the endpoint returns the graphql.
Screenshots
If applicable, add screenshots to help explain your problem.
System information
Additional context
Where is the "invalid signature" message generated? I looked through supabase, supabase-js, auth, auth-js, auth-helpers, pg_graphql, github.com/golang-jwt/jwt, https://pkg.go.dev/go.imperva.dev/demos/matrix-chat/internal/api/demo#ParseJWTClaims, and I could not find where that string is generated and where the 401 is returned.
The token shown above appears valid per the online jwt decoder at https://10015.io/tools/jwt-encoder-decoder as it's decoded as
JWT Header
Separately, the docs are quite inconsistent about which headers and keys are required and the endpoints.
Relay example https://supabase.com/docs/guides/graphql/with-relay shows
Apollo example shows no apiKey header nor vallbck to anon key.
Quickstart docs at https://supabase.com/docs/guides/graphql also show
/v1
in the url but my project's url clearly has no/v1
https://supabase.com/dashboard/project/<projectid>/api/graphiql
. The quickstart docs link have a broken link to api,https://supabase.com/docs/guides/graphql#api-key-api_key
The graphiql explorer doesn't show the apiKey in the Headers section.
The graphql query that the explorer makes doesn't show the apiKey header.
The text was updated successfully, but these errors were encountered: