Migrate JWT verification from HS256 to JWKS #75

Merged

TheFurya merged 3 commits from feature/migrate-jwt-verification-to-jwks into develop

2026-03-22 09:26:28 +01:00

Author	SHA1	Message	Date
Julian Tabel	d23e24b826	Merge branch 'feature/migrate-jwt-verification-to-jwks' of https://gitea.nerdboden.de/pokemon/nuzlocke-tracker into feature/migrate-jwt-verification-to-jwks All checks were successful CI / backend-tests (pull_request) Successful in 31s Details CI / frontend-tests (pull_request) Successful in 29s Details	2026-03-22 09:25:05 +01:00
Julian Tabel	e9eccc5b21	feat: migrate JWT verification from HS256 shared secret to JWKS Replace symmetric HS256 JWT verification with asymmetric RS256 using JWKS. Backend now fetches and caches public keys from Supabase's JWKS endpoint instead of using a shared secret. - Add cryptography dependency for RS256 support - Use PyJWKClient to fetch/cache JWKS from {SUPABASE_URL}/.well-known/jwks.json - Remove SUPABASE_JWT_SECRET from config, docker-compose, deploy workflow, .env - Update tests to use RS256 tokens with mocked JWKS client Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-22 09:24:41 +01:00
Julian Tabel	177c02006a	feat: migrate JWT verification from HS256 shared secret to JWKS All checks were successful CI / backend-tests (pull_request) Successful in 28s Details CI / frontend-tests (pull_request) Successful in 28s Details Replace symmetric HS256 JWT verification with asymmetric RS256 using JWKS. Backend now fetches and caches public keys from Supabase's JWKS endpoint instead of using a shared secret. - Add cryptography dependency for RS256 support - Use PyJWKClient to fetch/cache JWKS from {SUPABASE_URL}/.well-known/jwks.json - Remove SUPABASE_JWT_SECRET from config, docker-compose, deploy workflow, .env - Update tests to use RS256 tokens with mocked JWKS client Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-21 14:01:36 +01:00

Author

SHA1

Message

Date

Julian Tabel

d23e24b826

Merge branch 'feature/migrate-jwt-verification-to-jwks' of https://gitea.nerdboden.de/pokemon/nuzlocke-tracker into feature/migrate-jwt-verification-to-jwks

CI / backend-tests (pull_request) Successful in 31s

Details

CI / frontend-tests (pull_request) Successful in 29s

Details

2026-03-22 09:25:05 +01:00

Julian Tabel

e9eccc5b21

feat: migrate JWT verification from HS256 shared secret to JWKS

Replace symmetric HS256 JWT verification with asymmetric RS256 using JWKS.
Backend now fetches and caches public keys from Supabase's JWKS endpoint
instead of using a shared secret.

- Add cryptography dependency for RS256 support
- Use PyJWKClient to fetch/cache JWKS from {SUPABASE_URL}/.well-known/jwks.json
- Remove SUPABASE_JWT_SECRET from config, docker-compose, deploy workflow, .env
- Update tests to use RS256 tokens with mocked JWKS client

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-22 09:24:41 +01:00

Julian Tabel

177c02006a

feat: migrate JWT verification from HS256 shared secret to JWKS

CI / backend-tests (pull_request) Successful in 28s

Details

CI / frontend-tests (pull_request) Successful in 28s

Details

Replace symmetric HS256 JWT verification with asymmetric RS256 using JWKS.
Backend now fetches and caches public keys from Supabase's JWKS endpoint
instead of using a shared secret.

- Add cryptography dependency for RS256 support
- Use PyJWKClient to fetch/cache JWKS from {SUPABASE_URL}/.well-known/jwks.json
- Remove SUPABASE_JWT_SECRET from config, docker-compose, deploy workflow, .env
- Update tests to use RS256 tokens with mocked JWKS client

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-21 14:01:36 +01:00

Migrate JWT verification from HS256 to JWKS #75

3 Commits