Allow admin to generate auth user sessions

[ioucyf]

I'm trying to use the WebAuthn API with supabase as one of the primary sign-in options on my web client; since it's not yet officially supported by supabase, I'm writing a custom API to handle the registration and verification of the user's authenticator.

However, while using supabase's admin client with the service role key on the server API, I have no way of generating a valid session, for that specific user after confirming that the user's authenticator key is in fact valid, to return it to the client; to be set as the new session via: (supabase.auth.setSession(<received new session>)).

... or is there? I don't know...

Please make it possible to do so.

[ioucyf]

Is it possible to do create a valid user session by generating the JWTs myself using the secret key of the project's API?

[ruggi99]

Hi @ofeenee,
yes it is possible to do.
I suggest you to use jwt.io site.
Take a valid token and put it in the textarea, then fill in the secret, change iat field (aka Issued At) and you should have done.
Actually I can't confirm my steps are all right, but I'm close

[ioucyf]

Can I , as Admin, set the session on the supabase client for a user to be valid and authenticated using a JWT I generated with the projects secret key?

[ruggi99]

I think you can do it with a bunch of lines of client-side code.
https://github.com/supabase/gotrue-js/blob/013afaeb45e5d964a8cca467b748a3daa557f22c/src/GoTrueClient.ts#L650

[rohankm]

Were you able to create session?