Skip to content

Local Supabase setup unable to take in ES256 signing keys configuration #4488

New issue
New issue
Closed
#4489
Closed
Local Supabase setup unable to take in ES256 signing keys configuration#4488
#4489
@obadakhalili

Description

@obadakhalili
obadakhalili
opened on Nov 22, 2025

Describe the bug
I'm trying to setup a process to impersonate users locally. reading this source: https://supabase.com/docs/guides/auth/signing-keys#how-to-create-mint-jwts-if-access-to-the-private-key-or-shared-secret-is-not-possible
it seems that the general steps are:

  • generate signing keys with supabase gen signing-key --algorithm ES256
  • update config.toml to point to file
  • restart Supabase
  • observation: sessions in web app are actually invalid now and I have to re-login (so it seems like Supabase taking the new signing keys?)
  • using the jwt generated from supbase gen bearer-jwt in the code blow, returns the Supabase error: AuthApiError: invalid JWT: unable to parse or verify signature, token signature is invalid: signing method ES256 is invalid
    code: 
    const supabase = createClient(
  env.SUPABASE_URL,
  env.SUPABASE_ANON_KEY,
  {
    global: {
      headers: {
        Authorization: `Bearer ${token}`,
      },
    },
  },
)
const {
  data: { user },
  error,
} = await supabase.auth.getUser()
console.log(error) // AuthApiError: invalid JWT: unable to parse or verify signature, token signature is invalid: signing method ES256 is invalid
  • it seems that Supabase is still using HS256?

reading #4098 (comment), it seems there are some issues in Supabase around this?

to validate, I wrote a script to generate JWTs using HS256, and the generated JWT actually worked!

can you confirm that this is an issue with Supabase?

System information

  • Version of OS: MacOS, 15.6.1
  • Version of CLI: 2.58.5
  • Version of Docker: 28.4.0
  • Versions of services:
    SERVICE IMAGE          | LOCAL                  | LINKED     
 ------------------------|------------------------|------------
  supabase/postgres      | 17.6.1.021             | 17.6.1.021 
  supabase/gotrue        | v2.180.0               | v2.182.1   
  postgrest/postgrest    | v13.0.5                | v13.0.5    
  supabase/realtime      | v2.63.0                | -          
  supabase/storage-api   | v1.29.0                | -          
  supabase/edge-runtime  | v1.69.23               | -          
  supabase/studio        | 2025.11.10-sha-5291fe3 | -          
  supabase/postgres-meta | v0.93.1                | -          
  supabase/logflare      | 1.25.3                 | -          
  supabase/supavisor     | 2.7.4                  | -
  • @supabase/supabase-js: 2.81.1
  • node: v22.18.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions