Introducing JWT Signing Keys

Today we're announcing some long awaited changes in Supabase:

Support for asymmetric JWTs with Supabase Auth.

New API keys to help you transition to asymmetric JWTs and improve the security of your apps.

Over the last decade, JSON Web Tokens (JWTs) have surfaced as the universal language between your business logic and your Auth servers.

Supabase has embraced JWTs since inception. It's the backbone that makes Postgres Row-Level Security (RLS) policies work. Supabase Auth checks that your users say who they are and issues many JWTs while they use your app. These JWTs are then used by your application or other Supabase products (e.g., Data API, Storage, Realtime) to allow or reject access to your application's data.

Introducing JWT Signing Keys

Related reading

Top 10 Launches of Launch Week 15

Build "Sign in with Your App" using Supabase Auth

Supabase is now ISO 27001 certified

Introducing Supabase for Platforms

Supabase Joins the Stripe Projects Developer Preview

Introducing @supabase/server