jwt anonKey and serviceKey with valid iss value

[jaigouk]

Improve documentation

Link

https://supabase.com/docs/guides/self-hosting/docker

Describe the problem

anonKey and serviceKey in secrets can be documented better for iss part

secret:
  jwt:
    # JWT keys and secrets
    anonKey: "xxx
    serviceKey: "xxx"

    secret: "xxx"

Describe the improvement

pip install pyjwt then run the script to generate the anonKey and serviceKey

import jwt
import time

jwt_secret = "my_jwt_secret"

anon_claims = {
    "role": "anon",
    "iss": "supabase.supabase-auth.svc.cluster.local",
    "iat": int(time.time()),
    "exp": int(time.time() + 43200)  # 12 hours
}

service_claims = {
    "role": "service_role",
    "iss": "supabase.supabase-supabase-auth.svc.cluster.local",
    "iat": int(time.time()),
    "exp": int(time.time() + 43200)  # 12 hours
}

anon_token = jwt.encode(anon_claims, jwt_secret, algorithm="HS256")
service_token = jwt.encode(service_claims, jwt_secret, algorithm="HS256")

print("ANON_KEY:", anon_token)
print("SERVICE_KEY:", service_token)

or golang

package main

import (
	"fmt"
	"time"

	jwt "github.com/dgrijalva/jwt-go"
)

func main() {
 secreto := "your-secret-key"
 claims := jwt.MapClaims{
  "role": "anon",
  "iss":  "supabase.supabase-auth.svc.cluster.local",
  "iat": time.Now().Unix(),
  "exp":  time.Now().Add(12 * time.Hour).Unix(),
 }

 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 signedToken, _ := token.SignedString([]byte(secreto))

 fmt.Println(signedToken)
}

Additional context

I was confused about the iss part

[jaigouk]

closing this for kubernetes repo