diff --git a/packages/core/auth-js/src/GoTrueClient.ts b/packages/core/auth-js/src/GoTrueClient.ts index f23bc954e..f86ad5a00 100644 --- a/packages/core/auth-js/src/GoTrueClient.ts +++ b/packages/core/auth-js/src/GoTrueClient.ts @@ -3649,8 +3649,8 @@ export default class GoTrueClient { raw: { header: rawHeader, payload: rawPayload }, } = decodeJWT(token) - if (!options?.allowExpired) { - // Reject expired JWTs should only happen if jwt argument was passed + // Only validate expiration if allowExpired is NOT true + if (options?.allowExpired !== true) { validateExp(payload.exp) } diff --git a/packages/core/auth-js/src/lib/helpers.ts b/packages/core/auth-js/src/lib/helpers.ts index 659e82d65..3e8636753 100644 --- a/packages/core/auth-js/src/lib/helpers.ts +++ b/packages/core/auth-js/src/lib/helpers.ts @@ -203,6 +203,18 @@ export function decodeJWT(token: string): { payload: parts[1], }, } + + const user_metadata: Record = {} + for (const [key, value] of Object.entries(data.payload)) { + if (key.startsWith('https://') || key.startsWith('http://')) { + const claimName = key.split('/').pop() || key + user_metadata[claimName] = value + } + } + if (Object.keys(user_metadata).length > 0) { + data.payload.user_metadata = { ...(data.payload.user_metadata ?? {}), ...user_metadata } + } + return data } diff --git a/packages/core/postgrest-js/src/PostgrestQueryBuilder.ts b/packages/core/postgrest-js/src/PostgrestQueryBuilder.ts index a82310078..67fd90d75 100644 --- a/packages/core/postgrest-js/src/PostgrestQueryBuilder.ts +++ b/packages/core/postgrest-js/src/PostgrestQueryBuilder.ts @@ -332,6 +332,13 @@ export default class PostgrestQueryBuilder< } } + // Automatically use RETURNING for inserts so `.select()` works without SELECT policy + if (!this.headers.has('Prefer')) { + this.headers.append('Prefer', 'return=representation') + } else if (![...this.headers.values()].some((h) => h.includes('return='))) { + this.headers.append('Prefer', 'return=representation') + } + return new PostgrestFilterBuilder({ method, url: this.url,