Is your feature request related to a problem? Please describe.
Currently I'm trying to add custom claims to the user JWT, the "problem" is that the custom values we add to the JWT through an Auth Hook are not also translated to the API response (see screenshot for example).
Because of this I need to have faith in that session JWT. And I don't. :'(
Describe the solution you'd like
On the FE side (useSupabaseSession) we could have a quick BE call that can check the token validity using the SUPABASE_JWT_SECRET env variable.
If all's good then return the session data, if not log off the user or something along those lines.
On the BE side (serverSupabaseSession) we would use the function we created above. It should be more straightforward here.
And maybe should be opt-in? At least on the FE side in case the dev doesn't want to make too many BE calls.
Describe alternatives you've considered
I will write my own Supabase JWT validator on the BE side, but while doing this I thought that it would be nice as an official option.
Additional context
No additional context. Not sure if this is even worth it, but just an idea. 👍
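The backend check this request describes, as an added example that is not part of the original issue and not the module's own code: it verifies a session JWT against the shared secret before any custom claim is trusted. It assumes the project signs tokens with HS256 using the value in SUPABASE_JWT_SECRET; `verifySessionJwt`, `signForDemo` and the `user_role` claim are hypothetical names, and the sample token is constructed.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');

// Returns the verified claims or throws. `secret` stands in for SUPABASE_JWT_SECRET.
function verifySessionJwt(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;

  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch {
    throw new Error('malformed token');
  }

  // Pin the algorithm on the server; the token's header must not choose it
  // (this rejects "alg": "none" and any algorithm-swap attempt).
  if (header?.alg !== 'HS256') throw new Error('unexpected alg');

  // Recompute the MAC over "header.payload" and compare in constant time.
  const expected = Buffer.from(
    createHmac('sha256', secret).update(`${h}.${p}`).digest('base64url'));
  const given = Buffer.from(s);
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }

  // Only after the signature holds are the claims worth reading.
  if (typeof claims?.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Constructed sample data: sign a token locally so the example runs offline.
function signForDemo(claims, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const h = b64url(JSON.stringify(header));
  const p = b64url(JSON.stringify(claims));
  const s = createHmac('sha256', secret).update(`${h}.${p}`).digest('base64url');
  return `${h}.${p}.${s}`;
}

const DEMO_SECRET = 'constructed-demo-secret';
const DEMO_NOW = 1_700_000_000; // fixed clock for repeatable results
const demoToken = signForDemo(
  { sub: 'user-1', exp: DEMO_NOW + 3600, user_role: 'admin' }, DEMO_SECRET);
```

The secret must stay on the server: anyone holding an HS256 secret can mint tokens, which is why the check belongs behind a backend call rather than in frontend code.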