auth icon indicating copy to clipboard operation
auth copied to clipboard
verified publisher icon supabase

fix: adjust required claims in custom access token hook

Open hf opened this issue 1 year ago • 1 comments

email and phone should not be required as they are not used by Supabase Auth for anything meaningful. They also don't have to exist (but are probably set as "" today) if using just email provider, or just phone provider, or anonymous sign-ins, etc.

is_anonymous also is not required as it depends on whether it's used in RLS policies.

iss should be added but it's not as it only makes sense with asymmetric JWTs. Additional validation on this will follow.

See:

  • https://github.com/supabase/supabase/pull/32770

hf avatar Jan 14 '25 17:01 hf

Pull Request Test Coverage Report for Build 12773204803

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 65.435%
Totals Coverage Status
Change from base Build 12724630104: 0.0%
Covered Lines: 9814
Relevant Lines: 14998
💛 - Coveralls

coveralls avatar Jan 14 '25 17:01 coveralls