Hello, I want to use a custom OTP provider because it is around 100× cheaper than Twilio or other OTP providers integrated with Supabase.
My plan is:
Use my Express backend to send and verify the OTP.
After successful OTP verification, have my backend issue a Supabase session for the user.
Earlier, this was possible using Supabase’s legacy symmetric JWT signing (HS256), where I could generate and sign my own JWT using the project’s JWT_SECRET.
However, with the new asymmetric JWT signing (RS256), I can no longer sign tokens myself because the private key is not accessible.
So now my question is:
How can I implement custom OTP verification with my own backend and still securely create a valid Supabase session for the user under the new RS256 system?
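The legacy flow the post describes (the backend verifies the OTP, then signs an HS256 token with the project's JWT_SECRET), shown as an added example that is not part of the original post and is not Supabase's code. The function names, the in-memory store, the `OTP_PEPPER` key and the `role`/`aud` claim values are assumptions, and the sketch does not cover the asymmetric signing case the question asks about.

```javascript
// Added example: hardened OTP check plus legacy HS256 minting. All names are hypothetical.
const crypto = require('node:crypto');

const JWT_SECRET = 'constructed-demo-secret'; // placeholder, never a real project secret
const OTP_PEPPER = 'constructed-otp-pepper';  // separate key so stored OTPs are not plain codes
const OTP_TTL_MS = 5 * 60 * 1000;
const MAX_ATTEMPTS = 5;
const pending = new Map(); // phone -> { hash, expires, attempts }; use a shared store in production

const b64url = (x) => Buffer.from(x).toString('base64url');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();

function issueOtp(phone, now = Date.now()) {
  const code = crypto.randomInt(0, 1_000_000).toString().padStart(6, '0'); // CSPRNG, not Math.random
  pending.set(phone, { hash: hmac(OTP_PEPPER, `${phone}:${code}`), expires: now + OTP_TTL_MS, attempts: 0 });
  return code; // goes to the SMS provider only, never back to the client
}

function verifyOtp(phone, code, now = Date.now()) {
  const entry = pending.get(phone);
  if (!entry) return false;
  if (now > entry.expires || ++entry.attempts > MAX_ATTEMPTS) {
    pending.delete(phone); // expired or guessed too often: force a fresh code
    return false;
  }
  const ok = crypto.timingSafeEqual(entry.hash, hmac(OTP_PEPPER, `${phone}:${code}`));
  if (ok) pending.delete(phone); // single use
  return ok;
}

function signHs256(userId, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({
    sub: userId, role: 'authenticated', aud: 'authenticated', iat, exp: iat + 3600, // assumed claim set
  }));
  return `${header}.${payload}.${b64url(hmac(JWT_SECRET, `${header}.${payload}`))}`;
}

// What any holder of the shared secret does to accept the token.
function verifyHs256(token, now = Date.now()) {
  const [header, payload, sig] = String(token).split('.');
  const expected = hmac(JWT_SECRET, `${header}.${payload}`);
  const given = Buffer.from(sig || '', 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (JSON.parse(Buffer.from(header, 'base64url')).alg !== 'HS256') return null; // pin the algorithm
  const claims = JSON.parse(Buffer.from(payload, 'base64url'));
  return claims.exp * 1000 > now ? claims : null;
}
```

Because signing and verification use the same key here, anything that can verify these tokens can also mint them, which is the property that asymmetric signing removes.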