Secret Key + security_invoker view not returning results

### Describe the bug

Hi supabase team,

I'm unable to access a view from a js client with a secret key.

I've created a view that joins a `profiles` table to `auth.last_sign_in_at`.

I can query this fine when its public (and thus unsafe), but when i add:
```
alter view profiles_plus_auth
set (security_invoker = true);
```
the view returns `null` from the js client.

I would have expected that with the secret key being used, it would bypass any RLS issues and return the data from the table, while not allowing public or authenticated users to see it.

I know that my secret key works for other tables and commands like ` const data = await supabase.auth.admin.listUsers();`, just not for the view with auth involved.

### Library affected

supabase-js

### Reproduction

_No response_

### Steps to reproduce

1. Create a js client using the secret key.
2. Create the tables
```sql
create view public.profiles_plus_auth as
select
  p.id,
  p.name,
  au.last_sign_in_at
from
  profiles p
  left join auth.users au on p.id = au.id;

alter view profiles_plus_auth
set (security_invoker = true);
```
3. Try to query this table.


### System Info

```shell
"@supabase/supabase-js": "2.91.0"

 System:
    OS: macOS 14.5
    CPU: (8) arm64 Apple M1 Pro
    Memory: 132.66 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 24.8.0 - /Users/schoko/.nvm/versions/node/v24.8.0/bin/node
    Yarn: 1.22.19 - /usr/local/bin/yarn
    npm: 11.6.0 - /Users/schoko/.nvm/versions/node/v24.8.0/bin/npm
    bun: 1.2.19 - /opt/homebrew/bin/bun
    Deno: 2.4.5 - /opt/homebrew/bin/deno
    Watchman: 2025.08.04.00 - /opt/homebrew/bin/watchman
  Browsers:
    Chrome: 142.0.7444.176
    Firefox: 121.0.1
    Safari: 17.5
```

### Used Package Manager

npm

### Logs

_No response_

### Validations

- [x] Follow our [Code of Conduct](https://github.com/supabase/.github/blob/main/CODE_OF_CONDUCT.md)
- [x] Read the [Contributing Guidelines](https://github.com/supabase/supabase-js/blob/master/CONTRIBUTING.md).
- [x] Read the [docs](https://supabase.com/docs/reference/javascript/introduction).
- [x] Check that there isn't [already an issue](https://github.com/supabase/supabase-js/issues) that reports the same bug to avoid creating a duplicate.
- [x] Make sure this is a Supabase JS Library issue and not an issue with the Supabase platform. If it's a Supabase platform related bug, it should likely be reported to [supabase/supabase](https://github.com/supabase/supabase) instead.
- [x] Check that this is a concrete bug. For Q&A open a [GitHub Discussion](https://github.com/supabase/supabase-js/discussions) or join our [Discord Chat Server](https://discord.supabase.com//).
- [x] The provided reproduction is a [minimal reproducible example](https://stackoverflow.com/help/minimal-reproducible-example) of the bug.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Secret Key + security_invoker view not returning results #2045

Describe the bug

Library affected

Reproduction

Steps to reproduce

System Info

Used Package Manager

Logs

Validations

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Secret Key + security_invoker view not returning results #2045

Description

Describe the bug

Library affected

Reproduction

Steps to reproduce

System Info

Used Package Manager

Logs

Validations

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions