pokemon/nuzlocke-tracker
1
1
Fork 0
Code Issues Pull Requests 10 Actions Packages Projects Releases Wiki Activity
Files
d98b0da410e3621796eec0c112660f03af55f441
nuzlocke-tracker/.beans/nuzlocke-tracker-eg7j--fix-jwt-verification-failing-in-local-dev-hs256-fa.md
Julian Tabel af55cdd8a6
All checks were successful
CI / backend-tests (pull_request) Successful in 29s
Details
CI / frontend-tests (pull_request) Successful in 29s
Details
fix: add HS256 fallback for JWT verification in local dev 
Local GoTrue signs JWTs with HS256, but the JWKS endpoint returns an
empty key set since there are no RSA keys. Fall back to HS256 shared
secret verification when JWKS fails, using SUPABASE_JWT_SECRET.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 09:38:52 +01:00

11 lines
432 B
Markdown
Raw Blame History

---
# nuzlocke-tracker-eg7j
title: Fix JWT verification failing in local dev (HS256 fallback)
status: in-progress
type: bug
created_at: 2026-03-22T08:37:18Z
updated_at: 2026-03-22T08:37:18Z
---
Local GoTrue signs JWTs with HS256, but the JWKS migration only supports RS256. The JWKS endpoint returns empty keys locally, causing 500 errors on all authenticated endpoints. Add HS256 fallback using SUPABASE_JWT_SECRET for local dev.
Reference in New Issue View Git Blame Copy Permalink