Interface WithSupabaseConfig

Configuration for withSupabase and createSupabaseContext.

Controls which auth modes are accepted, environment overrides, and CORS behavior.

Example

// Require authenticated users, auto-CORS enabled (default)
const config: WithSupabaseConfig = { auth: 'user' }

// Accept users or service-to-service calls, custom CORS headers
const config: WithSupabaseConfig = {
  auth: ['user', 'secret'],
  cors: { 'Access-Control-Allow-Origin': 'https://myapp.com' },
}

// No auth required, CORS disabled
const config: WithSupabaseConfig = { auth: 'none', cors: false }

interface WithSupabaseConfig {
    auth?: AuthModeWithKey | AuthModeWithKey[];
    allow?: AuthModeWithKey | AuthModeWithKey[];
    env?: Partial<SupabaseEnv>;
    cors?: boolean | Record<string, string>;
    supabaseOptions?: SupabaseClientOptions<string>;
}

Index

Properties

auth? allow? env? cors? supabaseOptions?

Properties

`Optional`auth

auth?: AuthModeWithKey | AuthModeWithKey[]

Auth mode(s) to accept. Modes are tried in order — the first match wins. A mode falls through only when its credential is absent; a present-but-invalid JWT short-circuits the chain with InvalidCredentialsError.

Default Value

"user"

`Optional`allow

allow?: AuthModeWithKey | AuthModeWithKey[]

Deprecated

Use WithSupabaseConfig.auth instead. The allow option is kept for backward compatibility and will be removed in a future major release. When both auth and allow are provided, auth takes precedence.

`Optional`env

env?: Partial<SupabaseEnv>

Override auto-detected environment variables. Useful for testing or when running in environments without standard env var support.

`Optional`cors

cors?: boolean | Record<string, string>

CORS configuration for the withSupabase wrapper.

true (default) — uses @supabase/supabase-js default CORS headers.
false — disables CORS handling entirely.
Record<string, string> — custom CORS headers.

Remarks

Only applies to the top-level withSupabase wrapper. The Hono adapter handles CORS separately via Hono's own middleware.

Default Value

true

`Optional`supabaseOptions

supabaseOptions?: SupabaseClientOptions<string>

Options forwarded to both internal createClient() calls.

accessToken is stripped, and auth settings (persistSession, autoRefreshToken, detectSessionInUrl) are force-overwritten to server-safe values.

Example

withSupabase({
  auth: 'user',
  supabaseOptions: { db: { schema: 'api' } },
}, handler)

Interface WithSupabaseConfig

Example

Index

Properties

Properties

`Optional`auth

Default Value

`Optional`allow

Deprecated

`Optional`env

`Optional`cors

Remarks

Default Value

`Optional`supabaseOptions

Example

Settings

On This Page

Interface WithSupabaseConfig

Example

Index

Properties

Properties

Optionalauth

Default Value

Optionalallow

Deprecated

Optionalenv

Optionalcors

Remarks

Default Value

OptionalsupabaseOptions

Example

Settings

On This Page

`Optional`auth

`Optional`allow

`Optional`env

`Optional`cors

`Optional`supabaseOptions