Supabase
Validate user tokens on the backend #845
-
|
Is it possible to validate a user's session token on the backend? For instance, in Firebase, you can validate an ID token with admin.auth().verifyIdToken(idToken)Right now, I'm writing a function that only authenticated users should be able to access, so it would be extremely helpful if there's a way to do this. Thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Turns out that since Supabase uses JWTs, you can validate it as you would any other JWT. Frontend: supabase.auth.session()?.accessToken // gets the JWTBackend import { verify } from 'jsonwebtoken'
// data is the contents of the JWT if valid
const data = const verify(token, supabase_jwt_secret) // throws error if invalidYou can find the JWT secret in the Supabase dashboard. Settings > API > JWT Secret |
Beta Was this translation helpful? Give feedback.
-
|
How can one sign in with this token (eg on another web app or chrome extension), similar to Firebase's |
Beta Was this translation helpful? Give feedback.
-
|
No idea, but this would make a good feature request if it isn't already possible. |
Beta Was this translation helpful? Give feedback.
Turns out that since Supabase uses JWTs, you can validate it as you would any other JWT.
Frontend:
Backend
You can find the JWT secret in the Supabase dashboard. Settings > API > JWT Secret