Reference
Supabase JWT Auth Policy
The Supabase JWT Authentication policy allows you to authenticate incoming requests using a token created by supabase.com.
When configured, you can have Zuplo check incoming requests for a JWT token and automatically populate the ZuploRequest
's user
property with a user object.
This user
object will have a sub
property - taking the sub
id from the JWT token. It will also have a data
property populated by other data returned in the JWT token - including all your claims, user_metadata
and app_metadata
.
You can also require specific claims to have specific values to allow authentication to complete, providing a layer of authorization.
Configuration
The configuration shows how to configure the policy in the 'policies.json' document.
Policy Configuration
name
<string> - The name of your policy instance. This is used as a reference in your routes.policyType
<string> - The identifier of the policy. This is used by the Zuplo UI. Value should besupabase-jwt-auth-inbound
.handler.export
<string> - The name of the exported type. Value should beSupabaseJwtInboundPolicy
.handler.module
<string> - The module containing the policy. Value should be$import(@zuplo/runtime)
.handler.options
<object> - The options for this policy. See Policy Options below.
Policy Options
The options for this policy are specified below. All properties are optional unless specifically marked as required.
secret
<string> (Required) -The key used to verify the signature of the JWT token.allowUnauthenticatedRequests
<boolean> -Indicates whether the request should continue if authentication fails. Default isDefaults tofalse
which means unauthenticated users will automatically receive a 401 response.false
.requiredClaims
<object> -Any claims that must be present for authentication to succeed - multiple valid values can be specified for each claim.
Using the Policy
Authorization#
You can also require certain claims to be valid by specifying this in the
options. For example, if you require the claim user_role
to be either admin
or supa_user
, you would configure the policy as follows:
Read more about how policies work