Help with custom JWT
Hi team,
I'm working on integrating custom third-party JWTs following this guide:
https://supabase.com/docs/guides/auth/jwts#using-custom-or-third-party-jwts
I'm running into an error when trying to start my local Supabase instance after configuring the signing_keys_path.
Steps I've taken:
1. Generated a new signing key:
2. Saved the output (a single JSON object) to signing_key.json.
3. Stopped the local server:
4. Updated my config.toml to include the new key:
5. Tried to start the server again:
The Error
When I run npx supabase start, it fails with this error:
If I comment out the signing_keys_path line in config.toml and start again, the server starts perfectly fine.
My Question
The error cannot unmarshal object into Go value of type []config.JWK suggests that Supabase is expecting a JSON array of keys (a []JWK), but the gen signing-key command outputs a single JSON object.
My signing_key.json currently looks like this (a single object):
Thanks in advance for any help!12 Replies
Just to add some more context on my use case:
I'm trying to integrate better-auth (specifically their JWT plugin: https://www.better-auth.com/docs/plugins/jwt#usage).
The goal is to use better-auth to handle all authentication and then use the JWT it issues to authenticate with Supabase for services like Realtime and Storage. I'm following a similar pattern to the official Clerk integration (https://supabase.com/partners/integrations/clerk), but for this provider.
My post above is about the technical blocker I've hit while trying to get the Supabase auth server to recognize the better-auth signing key. Thanks!
JWT | Better Auth
Authenticate users with JWT tokens in services that can't use the session
Hi what is your cli version?
Also try starting the stack after editing the json file
➜ npx supabase --version
2.54.11
Yeah so I tested it. Some issue with this version. It worked fine with v2.53.6. automatically outputted correct json with key inside array.
Also after wrapping key with square brackets, everything works.
Yes you are right its working 🤟
i have added the role as described in https://supabase.com/docs/guides/auth/jwt-fields
but file upload / post create is failing when rls is enabled
JWT Claims Reference | Supabase Docs
Complete reference for claims appearing in JWTs created by Supabase Auth





I'd recommend to create a new post for this. I've never used better-auth before so won't be of any help
Ok
I have found the issue and the clerk example helped me to solve the same
https://supabase.com/partners/integrations/clerk

I was passing publish key insted of the jwt 😌
@inder Thanks for the help im sorted out 🤟
the solution example
https://github.com/amal-chandran/supabase-experiments/tree/experiment/better-auth
GitHub
GitHub - amal-chandran/supabase-experiments at experiment/better-auth
This repository is to keep track of all the Supabase experiments. - GitHub - amal-chandran/supabase-experiments at experiment/better-auth
Hey @Amal Chandran 💚
Are you able to use this custom oAuth with edge functions?
I'm investigating this issue but I don't have exp with oAuth.
May you could help me with that?