User logout/revoke with signing keys
That is mentioned here in the Supabase discussion thread on these: https://github.com/orgs/supabase/discussions/29289#discussioncomment-13828580
That is the current way it works. I don't see how they can resolve it without calling the server as there is no way for the server to notify clients the jwt has been revoked.
Expire time is set by you and default is one hour but can be down to 5 minutes or so reasonably. I think 2 or 3 is the lowest. This is of course at a tradeoff of needing more refreshes to the server.
There is another way to detect user status, just for the database, by using the Postgres pre_request function to query the session table. There is no guide on it. This adds a query to every REST DB request when it starts.
That is the current way it works. I don't see how they can resolve it without calling the server as there is no way for the server to notify clients the jwt has been revoked.
Expire time is set by you and default is one hour but can be down to 5 minutes or so reasonably. I think 2 or 3 is the lowest. This is of course at a tradeoff of needing more refreshes to the server.
There is another way to detect user status, just for the database, by using the Postgres pre_request function to query the session table. There is no guide on it. This adds a query to every REST DB request when it starts.
