Bug: Error [AuthApiError]: Invalid Refresh Token when using auth.uid() in RLS policies with unauthenticated users
Description
When a user is not logged in and an RLS policy tries to use auth.uid(), the system throws an "Invalid Refresh Token: Refresh Token Not Found" error instead of handling this case gracefully.
Error Details
Error [AuthApiError]: Invalid Refresh Token: Refresh Token Not Found
at handleError (../../../src/lib/fetch.ts:102:8)
at async _handleRequest (../../../src/lib/fetch.ts:195:4)
at async _request (../../../src/lib/fetch.ts:157:15)
at async (../../src/GoTrueClient.ts:1847:17)
at async (../../../src/lib/helpers.ts:228:25) {
__isAuthError: true,
status: 400,
code: 'refresh_token_not_found'
}
Steps to Reproduce
- Create an RLS policy that uses auth.uid() to restrict access
- Attempt to access this protected resource when not logged in
- The system throws "Invalid Refresh Token: Refresh Token Not Found" instead of handling this gracefully
Expected Behavior
When a user is not authenticated and a policy uses auth.uid(), the system should either:
- Handle this case gracefully by returning null for auth.uid()
- Provide a more helpful error message indicating that authentication is required
- Document clearly that auth.uid() should only be used with additional checks for authenticated sessions
System Information
- OS: Windows 10
- Browser: [Please specify]
- Version of supabase-js: [Please specify]
- Version of Node.js: [Please specify]
Possible Solution
Update the RLS policy handling to check if a user is authenticated before attempting to access auth.uid(), or provide better error handling for this common use case.
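The client-side half of the graceful handling asked for under Expected Behavior and Possible Solution, as an added example that is not code from the issue or from supabase-js: a wrapper that checks for a session before issuing a query whose RLS policy depends on auth.uid(), and that maps the AuthApiError shape pasted above (`__isAuthError: true`, `code: 'refresh_token_not_found'`) into an explicit "authentication required" result instead of letting it propagate. It assumes the supabase-js v2 shapes `client.auth.getSession()` resolving to `{ data: { session }, error }` and `client.auth.signOut({ scope: 'local' })`; the `makeFakeClient` object is constructed so the example runs offline and is not a real client.

```javascript
// Added example (not from the issue or supabase-js): run a query that depends on
// auth.uid() only when a session exists, and turn a missing refresh token into a
// clear "auth required" result rather than an unhandled AuthApiError.
//
// Assumptions: supabase-js v2 shapes for `auth.getSession()` and
// `auth.signOut({ scope: 'local' })`. `makeFakeClient` is a constructed stand-in.

const AUTH_REQUIRED = Object.freeze({
  code: 'auth_required',
  message: 'Authentication is required for this resource (the policy uses auth.uid()).',
});

// Recognise the error shape from the report: an AuthApiError with
// __isAuthError set and code 'refresh_token_not_found'.
function isMissingRefreshToken(err) {
  return Boolean(err) && err.__isAuthError === true && err.code === 'refresh_token_not_found';
}

// Run `query(client)` only when a session exists; otherwise return AUTH_REQUIRED.
// A stale refresh token surfacing before or during the query is translated to the
// same result after clearing the local session, so the client does not keep
// retrying a refresh that can never succeed.
async function runWithAuthCheck(client, query) {
  const { data, error } = await client.auth.getSession();
  if (isMissingRefreshToken(error)) {
    await client.auth.signOut({ scope: 'local' });
    return { data: null, error: AUTH_REQUIRED };
  }
  if (!data || !data.session) {
    return { data: null, error: AUTH_REQUIRED };
  }
  try {
    return { data: await query(client), error: null };
  } catch (err) {
    if (isMissingRefreshToken(err)) {
      await client.auth.signOut({ scope: 'local' });
      return { data: null, error: AUTH_REQUIRED };
    }
    throw err; // not an auth problem: let the caller see it
  }
}

// Constructed fake client (not a real supabase-js client). `state` selects which
// situation the wrapper sees: 'anonymous', 'stale-token' or 'signed-in'.
function makeFakeClient(state) {
  let signedOut = false;
  const refreshErr = Object.assign(new Error('Invalid Refresh Token: Refresh Token Not Found'), {
    __isAuthError: true, status: 400, code: 'refresh_token_not_found',
  });
  return {
    auth: {
      async getSession() {
        if (state === 'stale-token') return { data: { session: null }, error: refreshErr };
        if (state === 'anonymous') return { data: { session: null }, error: null };
        return { data: { session: { user: { id: 'user-123' } } }, error: null };
      },
      async signOut() { signedOut = true; return { error: null }; },
    },
    wasSignedOut: () => signedOut,
  };
}

// Drive the wrapper against the fake client; the query body stands in for a
// table read protected by an auth.uid()-based policy.
async function demo(state) {
  const client = makeFakeClient(state);
  const result = await runWithAuthCheck(client, async () => ['row-for-user-123']);
  return { result, signedOut: client.wasSignedOut() };
}
```

This does not change how auth.uid() behaves on the database side; it only stops the client from issuing a request it cannot authenticate and gives the application a single, predictable error to act on (for example, redirecting to sign-in).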