
feat: allow minimising the jwt size by omitting additional claims

Open staaldraad opened this issue 11 months ago • 1 comments

What kind of change does this PR introduce?

Feature

What is the current behavior?

JWT claims are not controllable, other than using a custom access hook. This can lead to large JWTs containing claims that might not be needed.

What is the new behavior?

Adds a configuration to control which claims outside of the required claims can be added to the JWT automatically.

Additional context

To be backward compatible, the default is to include all supported claims in the generated JWT. To have fewer claims, the config option jwt.additional_claims can be modified with the claims to include. Because the currently deployed (hosted and self-hosted) version does not have this config option, the decision to apply this default is based on the config value being empty. An empty value could also mean "don't include any additional claims", which would immediately break backwards compatibility as JWTs would suddenly not contain the optional claims. To simulate an empty set, it is possible to simply include an unknown claim, which would get ignored. It could make sense to standardise on a reserved word for this configuration.

Slightly depends on https://github.com/supabase/auth/pull/1913 to determine if some fields that are not yet omitempty should be set to a default value.

staaldraad avatar Jan 20 '25 08:01 staaldraad
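The configuration semantics described in the PR above (empty value means all optional claims, unknown names are ignored), as an added Go example that is not the PR's or the project's code. The optional claim names, the comma-separated value format for jwt.additional_claims, and the helper name FilterClaims are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Assumed for illustration: these optional claim names and a comma-separated config value.
var optionalClaims = map[string]bool{"email": true, "phone": true, "app_metadata": true, "user_metadata": true}

// FilterClaims returns the claims to put in the token for a given
// jwt.additional_claims value, plus the configured names that were ignored.
func FilterClaims(all map[string]any, configured string) (map[string]any, []string) {
	names := strings.FieldsFunc(configured, func(r rune) bool { return r == ',' || r == ' ' })
	want := map[string]bool{}
	var ignored []string
	for _, n := range names {
		if optionalClaims[n] {
			want[n] = true
		} else {
			ignored = append(ignored, n) // unknown names are ignored, not an error
		}
	}
	out := map[string]any{}
	for k, v := range all {
		// Required claims always pass; optional ones pass if listed, or if the config is empty.
		if !optionalClaims[k] || want[k] || len(names) == 0 {
			out[k] = v
		}
	}
	return out, ignored
}

var sampleClaims = map[string]any{ // constructed sample, not real token data
	"iss": "https://auth.example.test", "sub": "user-123", "aud": "authenticated", "exp": 1737360000,
	"iat": 1737356400, "role": "authenticated", "email": "user@example.test", "phone": "",
	"app_metadata": map[string]any{"provider": "email"}, "user_metadata": map[string]any{"name": "Example"},
}

func main() {
	for _, cfg := range []string{"", "email", "none"} {
		c, ignored := FilterClaims(sampleClaims, cfg)
		b, _ := json.Marshal(c)
		fmt.Printf("%q -> %d claims, %d payload bytes, ignored %v\n", cfg, len(c), len(b), ignored)
	}
}
```

Because a misspelt claim name is dropped silently under these semantics, logging the ignored list at startup makes a configuration typo visible before clients start receiving tokens without the expected claim.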

Pull Request Test Coverage Report for Build 12867239919

Details

  • 22 of 22 (100.0%) changed or added relevant lines in 2 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.03%) to 65.47%

Totals Coverage Status
Change from base Build 12806215187: 0.03%
Covered Lines: 9829
Relevant Lines: 15013

💛 - Coveralls

coveralls avatar Jan 20 '25 08:01 coveralls