Using supabase-kt with per-request JWTs (GraphQL Kotlin backend, RLS enabled)
Hi everyone 
I'm building a mobile app with:
For every request, the frontend sends a JWT in the Authorization header.
My backend verifies it and then needs to query Supabase on behalf of the user, so that RLS policies apply correctly.
I'm using
So far, the only way I've found to pass a custom JWT is by creating a new
This works, but I'm worried about resource usage and scalability, especially with concurrent users.
Is there a way to inject a custom
Or alternatively, is there a recommended approach to safely and efficiently query Supabase with dynamic tokens from a Kotlin backend?
Thanks a lot for any tips or examples !
I'm building a mobile app with:
- an Expo frontend (React Native),
- a Kotlin backend exposing a GraphQL API,
- and Supabase as the database (hosted, with RLS enabled).
For every request, the frontend sends a JWT in the Authorization header.
My backend verifies it and then needs to query Supabase on behalf of the user, so that RLS policies apply correctly.
I'm using
io.github.jan-tennert.supabase-kt, version 2.1.2, with the PostgREST plugin.So far, the only way I've found to pass a custom JWT is by creating a new
SupabaseClient per request with the user's token.This works, but I'm worried about resource usage and scalability, especially with concurrent users.
My question:
Is there a way to inject a custom Authorization header (JWT) per request, without creating a new Supabase client each time?Or alternatively, is there a recommended approach to safely and efficiently query Supabase with dynamic tokens from a Kotlin backend?
Thanks a lot for any tips or examples !
