Benefit of verify JWT in edge functinos

Whats the benefit of the following option:

Verify JWT with legacy secret
Requires that a JWT signed only by the legacy JWT secret is present in the Authorization header. The easy to obtain anon key can be used to satisfy this requirement. Recommendation: OFF with JWT and additional authorization logic implemented inside your function's code.

Verify JWT with legacy secret
Requires that a JWT signed only by the legacy JWT secret is present in the Authorization header. The easy to obtain anon key can be used to satisfy this requirement. Recommendation: OFF with JWT and additional authorization logic implemented inside your function's code.

Since you can just use the anon key anyways, so you should asume anyone can call this function. So I feel this doesnt offer additional security, since you have to check the token yourself anyways and see if its a authenticated user. Am I missing something or is this safe to disable, since it doesnt offer any security. If so I can transition to the new api keys

Supabase•5mo ago•

5 replies

Idris

Benefit of verify JWT in edge functinos

Whats the benefit of the following option:

Verify JWT with legacy secret
Requires that a JWT signed only by the legacy JWT secret is present in the Authorization header. The easy to obtain anon key can be used to satisfy this requirement. Recommendation: OFF with JWT and additional authorization logic implemented inside your function's code.

Verify JWT with legacy secret
Requires that a JWT signed only by the legacy JWT secret is present in the Authorization header. The easy to obtain anon key can be used to satisfy this requirement. Recommendation: OFF with JWT and additional authorization logic implemented inside your function's code.

Benefit of verify JWT in edge functinos

Similar Threads

Benefit of verify JWT in edge functinos

Similar Threads

Similar Threads

Similar Threads