supabase
Add/use SUPABASE_JWT_SECRET to make useSupabaseSession() also check the validity of the JWT
Is your feature request related to a problem? Please describe.
Currently I'm trying to add custom claims to the user JWT, the "problem" is that the custom values we add to the JWT through an Auth Hook are not also translated to the API response (see screenshot for example).
Because of this I need to have faith in that session JWT. And I don't. :'(
Describe the solution you'd like
On the FE side (useSupabaseSession) we could have a quick BE call that can check the token validity using the SUPABASE_JWT_SECRET env variable. If all's good then return the session data, if not log off the user or something along those lines.
On the BE side (serverSupabaseSession) we would use the function we created above. It should be more straightforward here.
And maybe should be opt-in? At least on the FE side in case the dev doesn't want to make too many BE calls.
Describe alternatives you've considered
I will write my own supabase JWT validator on the BE side, but while doing this I thought that it would be nice as an official option.
Additional context
No additional context. Not sure if this is even worth it, but just an idea. 👍
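A sketch of the backend check requested above, added as an example; it is not part of the original issue or of the module's code. It assumes the session access token is an HS256 JWT signed with the value of SUPABASE_JWT_SECRET; `verifySupabaseJwt`, `signForDemo` and the `user_role` claim are hypothetical names constructed for the illustration.

```javascript
// Added example: hypothetical helper, not the module's API.
const crypto = require('node:crypto');

const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Returns the verified claims or throws. In a server route the secret would
// come from process.env.SUPABASE_JWT_SECRET (assumption: HS256 shared secret).
function verifySupabaseJwt(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  // Pin the algorithm; the token header must not get to choose it (e.g. "none").
  if (b64urlJson(h).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  // Only read claims (including custom ones) after the signature has verified.
  const claims = b64urlJson(p);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Builds a constructed sample token so the check can be exercised offline.
function signForDemo(claims, secret) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const body = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}`;
  return `${body}.${crypto.createHmac('sha256', secret).update(body).digest('base64url')}`;
}
```

Custom claims returned by this function can be trusted only as far as the secret stays server-side, so the check belongs in a server route and never in client code.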