Edge Function migrate to new API Keys - How To?
Assuming you have Edge Functions that verify JWTs with the legacy secret enabled, calling those functions without an active session will fail.
Example:
In this case, the request returns 401 Unauthorized, because the Publishable Key is not a JWT, and therefore cannot pass the legacy JWT security check.
What’s the recommended approach for this use case?
• Disabling JWT verification works, but then I would need to implement my own authorization logic inside the function.
• Keeping legacy JWT verification is convenient, because it protects the function automatically — and it still works when a user session is present.
Based on the Function Configuration, a custom auth layer inside the Edge Function is the recommended solution and best practice here:
• Simply verify an API key for functions that do not require a user session.
• For all other functions, add custom JWT verification.
Thanks for any help!
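A sketch of the two-tier auth layer the post describes, as an added example that is not from the original post or from the platform's own code: an API-key gate for functions that need no user session, and a JWT requirement for the rest. The names `authorize`, `requiresUser`, `expectedApiKey` and `verifyJwt`, and the use of an `apikey` header, are assumptions; `verifyJwt` stands for whatever signature and claims check the project uses.

```typescript
// Added example: all names and the `apikey` header choice are assumptions.
type Decision = { status: 200 | 401; via?: "api-key" | "user-jwt"; reason?: string };
type JwtVerifier = (token: string) => boolean; // hypothetical hook: signature, exp, aud checks

// Compare without returning early on the first differing byte.
function constantTimeEqual(a: string, b: string): boolean {
  const x = new TextEncoder().encode(a);
  const y = new TextEncoder().encode(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < Math.max(x.length, y.length); i++) diff |= (x[i] ?? 0) ^ (y[i] ?? 0);
  return diff === 0;
}

// A compact JWT has three non-empty base64url segments; an opaque API key does not,
// which is why a publishable key fails a platform-level JWT check.
function looksLikeJwt(token: string): boolean {
  return /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/.test(token);
}

// Extract the credential from "Authorization: Bearer <token>", if present.
function bearer(headers: Headers): string | null {
  const m = /^Bearer\s+(\S+)$/i.exec(headers.get("authorization") ?? "");
  return m?.[1] ?? null;
}

function authorize(headers: Headers, opts: {
  requiresUser: boolean; expectedApiKey: string; verifyJwt: JwtVerifier;
}): Decision {
  const token = bearer(headers);
  if (opts.requiresUser) {
    // Reject opaque keys before they ever reach the verifier.
    if (!token || !looksLikeJwt(token)) return { status: 401, reason: "user JWT required" };
    return opts.verifyJwt(token)
      ? { status: 200, via: "user-jwt" }
      : { status: 401, reason: "invalid JWT" };
  }
  // Session-less function: take the key from `apikey`, else from the bearer slot,
  // so a caller that also holds a user session is still accepted.
  const key = headers.get("apikey") ?? token;
  if (!key || !constantTimeEqual(key, opts.expectedApiKey)) {
    return { status: 401, reason: "invalid API key" };
  }
  return { status: 200, via: "api-key" };
}
```

A publishable key ships in client code, so the API-key branch only filters unkeyed traffic; it does not authenticate a caller, and anything sensitive belongs behind the JWT branch.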