Help with custom JWT
Hi team,
I'm working on integrating custom third-party JWTs following this guide:
https://supabase.com/docs/guides/auth/jwts#using-custom-or-third-party-jwts
I'm running into an error when trying to start my local Supabase instance after configuring the signing_keys_path.
Steps I've taken:
1. Generated a new signing key:
2. Saved the output (a single JSON object) to signing_key.json.
3. Stopped the local server:
4. Updated my config.toml to include the new key:
5. Tried to start the server again:
The Error
When I run npx supabase start, it fails with this error:
If I comment out the signing_keys_path line in config.toml and start again, the server starts perfectly fine.
My Question
The error cannot unmarshal object into Go value of type []config.JWK suggests that Supabase is expecting a JSON array of keys (a []JWK), but the gen signing-key command outputs a single JSON object.
My signing_key.json currently looks like this (a single object):
Thanks in advance for any help!16 Replies
Just to add some more context on my use case:
I'm trying to integrate better-auth (specifically their JWT plugin: https://www.better-auth.com/docs/plugins/jwt#usage).
The goal is to use better-auth to handle all authentication and then use the JWT it issues to authenticate with Supabase for services like Realtime and Storage. I'm following a similar pattern to the official Clerk integration (https://supabase.com/partners/integrations/clerk), but for this provider.
My post above is about the technical blocker I've hit while trying to get the Supabase auth server to recognize the better-auth signing key. Thanks!
JWT | Better Auth
Authenticate users with JWT tokens in services that can't use the session
Hi what is your cli version?
Also try starting the stack after editing the json file
➜ npx supabase --version
2.54.11
Yeah so I tested it. Some issue with this version. It worked fine with v2.53.6. automatically outputted correct json with key inside array.
Also after wrapping key with square brackets, everything works.
Yes you are right its working 🤟
i have added the role as described in https://supabase.com/docs/guides/auth/jwt-fields
but file upload / post create is failing when rls is enabled
JWT Claims Reference | Supabase Docs
Complete reference for claims appearing in JWTs created by Supabase Auth
I'd recommend to create a new post for this. I've never used better-auth before so won't be of any help
Ok
I have found the issue and the clerk example helped me to solve the same
https://supabase.com/partners/integrations/clerk
I was passing publish key insted of the jwt 😌
@inder Thanks for the help im sorted out 🤟
the solution example
https://github.com/amal-chandran/supabase-experiments/tree/experiment/better-auth
GitHub
GitHub - amal-chandran/supabase-experiments at experiment/better-auth
This repository is to keep track of all the Supabase experiments. - GitHub - amal-chandran/supabase-experiments at experiment/better-auth
Hey @Amal Chandran 💚
Are you able to use this custom oAuth with edge functions?
I'm investigating this issue but I don't have exp with oAuth.
May you could help me with that?
@Kalleby Santos
The supabase edge functions did not worked for me, Some of the libs are behaving weird errors in deno env Its hard to configure deno & node js to work together ref: https://discord.com/channels/839993398554656828/1437038461143224391/1437046216021119108 I swithed to vercel functions & configured rpc, using this stack - https://www.better-t-stack.dev/new?api=orpc&db=postgres&name=supabase-start&dbs=supabase&pm=npm - https://vercel.com/docs/frameworks/backend/hono
The supabase edge functions did not worked for me, Some of the libs are behaving weird errors in deno env Its hard to configure deno & node js to work together ref: https://discord.com/channels/839993398554656828/1437038461143224391/1437046216021119108 I swithed to vercel functions & configured rpc, using this stack - https://www.better-t-stack.dev/new?api=orpc&db=postgres&name=supabase-start&dbs=supabase&pm=npm - https://vercel.com/docs/frameworks/backend/hono
Stack Builder - Better-T-Stack
Interactive Ui to roll your own stack
Hono on Vercel
Deploy Hono applications to Vercel with zero configuration. Learn about observability, ISR, and custom build configurations.
Hei Amal, thanks for that
At the end we did decided the following conclusion for jwt at edge functions: https://github.com/supabase/supabase/discussions/34988#discussioncomment-14970798
I'm very sorry to read that you couldn't make it with edge functions 💔
Maybe I can help you with a custom provider template for better-auth 😁
GitHub
Clerk & Supabase Third Party Integration: Edge Functions Authentica...
The Issue I am busy upgrading our Clerk integration to the new third-party pattern. Running database queries and mutations works fine, but when accessing Edge Functions (supabase.functions.invoke) ...
more than custom provider issue, it was hard for me to make it work with other node js deps.
i wanted a mono repo code structure to share code b/w funcitons and ui which was not possible.
it is, do you prefer Nextj or other framework? I saw you may been using tanstack