Fix admin delete user unauthorized error

supabase/config.toml

@@ -1,5 +1,8 @@
 project_id = "ydvtmnrszybqnbcqbdcy"
 
+[functions.admin-delete-user]
+verify_jwt = true
+
 [functions.send-password-added-email]
 verify_jwt = true
 

supabase/functions/admin-delete-user/index.ts

@@ -43,16 +43,12 @@ Deno.serve(async (req) => {
       );
     }
 
-    // Create client with user's JWT for permission checks
-    const supabase = createClient(supabaseUrl, Deno.env.get('SUPABASE_ANON_KEY')!, {
-      global: { headers: { authorization: authHeader } }
-    });
-
     // Create admin client for privileged operations
     const supabaseAdmin = createClient(supabaseUrl, supabaseServiceKey);
 
-    // Get current user
+    // Get current user - extract token and verify
-    const { data: { user }, error: userError } = await supabase.auth.getUser();
+    const token = authHeader.replace('Bearer ', '');
+    const { data: { user }, error: userError } = await supabaseAdmin.auth.getUser(token);
     if (userError || !user) {
       edgeLogger.warn('Failed to get user', { 
         requestId: tracking.requestId,
@@ -69,6 +65,11 @@ Deno.serve(async (req) => {
       );
     }
     
+    // Create client with user's JWT for MFA checks
+    const supabase = createClient(supabaseUrl, Deno.env.get('SUPABASE_ANON_KEY')!, {
+      global: { headers: { Authorization: authHeader } }
+    });
+
     const adminUserId = user.id;
 
     // Parse request