arrow-left Back to announcements
DATE:
AUTHOR:
PowerSync Product Team
Notice

[Updated] Important notice for Supabase users using Supabase JWTs

DATE:
AUTHOR: PowerSync Product Team

3 December Update:

Supabase auth can now be configured for your PowerSync instance by providing your Supabase JWT secret. Instructions for this are available in our docs here.

Supabase recently removed the app.settings.jwt_secret config parameter, which we rely on for the “Supabase auth” option.

At the time of writing, existing Supabase projects may still have this parameter, but any new Supabase projects created after November 25 won’t. We're working on a migration plan for existing Cloud projects, so if you already have a working Supabase project this should not impact you. You know that you’re affected if you’re getting an unrecognized configuration parameter "app.settings.jwt_secret" error for your Supabase project.

While we are working with Supabase on a fix, you can work around this by adding a custom JWT audience and HS256 key for your instance.

PowerSync Cloud

his can be done in the PowerSync dashboard, by updating your instance settings:

  1. Add a JWT Audience and set it to “authenticated”.

  2. Add a HS256 authentication token:

    1. Get the KID from your Supabase token:

      1. Get it via a console.log in your app from the Supabase client SDK, for example:

        await supabase.login(values.email, values.password);
console.log(`session = ${JSON.stringify((await supabase.client.auth.getSession()).data.session?.access_token)}`);

        1. Decode the JWT using a tool such as jwt.io.

        2. The KID field is in header:

    2. For the HS256 secret: Copy the JWT secret from your Supabase dashboard (https://supabase.com/dashboard/project/_/settings/api), then base64-url encode it.

      1. bash: echo -n 'your-supabase-secret' | base64 | tr '+/' '-_' | tr -d '='

      2. Node.js: Buffer.from('your-supabase-secret').toString('base64url')

FlutterFlow users

Instead of step 2.1.1 above, follow these steps:

  1. Open your initpowersync custom action

  2. Below the line final token = session.accessToken; add this:

    1. print('supabase session token is = $token');

    2. Run your app and open device logs:

  1. You will then see the token and you can resume following the above instructions.

Self-Hosted PowerSync

Enter the above keys in your Service config. For an example, see https://github.com/powersync-ja/self-host-demo/blob/main/config/powersync.yaml#L83

Powered by LaunchNotes