create_signed_url doesn't use Bearer token from sign_in
jfischoff opened this issue · comments
Jonathan Fischoff commented
Describe the bug
create_signed_url fails when authorization is necessary because the wrong Bearer token is being used in the request
To Reproduce
Steps to reproduce the behavior:
- Create a storage policy that requires a particular user to view it
- Use
sign_in_with_password
to sign in as that user - Use
create_signed_url
to try to create a presigned url - Get a 400 instead.
Expected behavior
200 and the signed url
I debugged this by running mitmproxy. The request showed the initial anon bearer token.
When I saved the failed request as a curl and replaced the bearer token with the one returned from sign_in_with_password
it worked.
Anand commented
Fixed by supabase/supabase-py#560