Role based authorization with GoTrue
Hello everyone,
I'm currently implementing a supabase spring boot starter and wanted to implement custom roles with GoTrue.
My Idea was to store the roles as a JSON Object in the user_metadata or is it better to use the app_metadata column?
In the GoTrue-KT Library I'm using there is only the /user endpoint implemented:
https://github.com/supabase/gotrue#put-user
Am I correct that any user could just talk to the GoTrue Endpoint directly with his JWT and give himself a Role?
Should I then instead use the /admin/users/<user_id> endpoint? It says that the JWT needs the admin role? Where do I set this?
https://github.com/supabase/gotrue#post-put-adminusersuser_id
Or is there a better way to implement this?
Thanks for your help!
I'm currently implementing a supabase spring boot starter and wanted to implement custom roles with GoTrue.
My Idea was to store the roles as a JSON Object in the user_metadata or is it better to use the app_metadata column?
In the GoTrue-KT Library I'm using there is only the /user endpoint implemented:
https://github.com/supabase/gotrue#put-user
Am I correct that any user could just talk to the GoTrue Endpoint directly with his JWT and give himself a Role?
Should I then instead use the /admin/users/<user_id> endpoint? It says that the JWT needs the admin role? Where do I set this?
https://github.com/supabase/gotrue#post-put-adminusersuser_id
Or is there a better way to implement this?
Thanks for your help!
GitHub
A JWT based API for managing users and issuing JWT tokens - GitHub - supabase/gotrue: A JWT based API for managing users and issuing JWT tokens
