Custom JWT (ES256) works with Realtime but fails on Storage API
I'm minting my own JWTs using ES256 (elliptic curve) with a private key for my Supabase project.
The tokens work perfectly with:
-
PostgREST/Database queries
- Realtime subscriptions
- RLS policies using auth.jwt()
But Storage API fails with:
Key for the ES256 algorithm must be one of type CryptoKey,
KeyObject, or JSON Web Key. Received an instance of
Uint8Array
Same JWT, different services. Seems like Storage has a bug
with asymmetric JWT validation. Anyone else experiencing
this?
The tokens work perfectly with:
-
PostgREST/Database queries-
Realtime subscriptions-
RLS policies using auth.jwt()But Storage API fails with:
Key for the ES256 algorithm must be one of type CryptoKey,
KeyObject, or JSON Web Key. Received an instance of
Uint8Array
Same JWT, different services. Seems like Storage has a bug
with asymmetric JWT validation. Anyone else experiencing
this?
