From f28e6e9c8fadc92b2e3039b6f1988e807bd90fe1 Mon Sep 17 00:00:00 2001 From: Saxon Fletcher Date: Sat, 9 Aug 2025 09:37:48 +1000 Subject: [PATCH 1/2] Check error before handling (#37801) check error before handling --- apps/studio/components/ui/AIAssistantPanel/AIAssistant.utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/studio/components/ui/AIAssistantPanel/AIAssistant.utils.ts b/apps/studio/components/ui/AIAssistantPanel/AIAssistant.utils.ts index c3ad2cc47fd9f..c593efce4a72b 100644 --- a/apps/studio/components/ui/AIAssistantPanel/AIAssistant.utils.ts +++ b/apps/studio/components/ui/AIAssistantPanel/AIAssistant.utils.ts @@ -106,7 +106,7 @@ export const getContextualInvalidationKeys = ({ } export const onErrorChat = (error: Error) => { - const parsedError = tryParseJson(error.message) + const parsedError = error ? tryParseJson(error.message) : undefined try { handleError(parsedError?.error || parsedError || error) From 1e10ee684449dd4ea81d07b93a71557ab81d59f1 Mon Sep 17 00:00:00 2001 From: Eduardo Gurgel Date: Sat, 9 Aug 2025 13:45:46 +1200 Subject: [PATCH 2/2] fix: specify that 3rd party JWTs must have kid header parameter (#37778) --- apps/docs/content/guides/auth/third-party/overview.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/docs/content/guides/auth/third-party/overview.mdx b/apps/docs/content/guides/auth/third-party/overview.mdx index 9698ececa01c6..77d950275da97 100644 --- a/apps/docs/content/guides/auth/third-party/overview.mdx +++ b/apps/docs/content/guides/auth/third-party/overview.mdx @@ -26,7 +26,7 @@ This is made possible if the providers are using JWTs signed with asymmetric key There are some limitations you should be aware of when using third-party authentication providers with Supabase. -1. The third-party provider must use asymmetrically signed JWTs (exposed as an OIDC Issuer Discovery URL by the third-party authentication provider). Using symmetrically signed JWTs is not possible at this time. +1. The third-party provider must use asymmetrically signed JWTs (exposed as an OIDC Issuer Discovery URL by the third-party authentication provider). The signed JWTs must have a `kid` header parameter to identify which key must be used. Using symmetrically signed JWTs is not possible at this time. 2. The JWT signing keys from the third-party provider are stored in the configuration of your project, and are checked for changes periodically. If you are rotating your keys (when supported) allow up to 30 minutes for the change to be picked up. 3. It is not possible to disable Supabase Auth at this time.