Skip to content

fix: enable es256 jwt signing algorithm support for gotrue #4489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Nov 24, 2025
Merged

fix: enable es256 jwt signing algorithm support for gotrue #4489

merged 5 commits into from
Nov 24, 2025

Conversation

@7ttp
Copy link
Contributor

@7ttp 7ttp commented Nov 23, 2025

bug fix

gotrue rejects es256 signed jwts with "signing method es256 is invalid" error despite proper signing key configuration in config.toml. the issue occurs because gotrue defaults to only accepting hs256 tokens without explicit algorithm configuration.

gotrue now receives gotrue_jwt_valid_methods environment variable during startup with all configured signing algorithms (hs256, rs256, es256). the fix detects algorithms from signing keys configuration and automatically includes them in the valid methods list. hs256 is always included for backward compatibility.

resolves #4488

@7ttp 7ttp requested a review from a team as a code owner November 23, 2025 17:02
@coveralls
Copy link

coveralls commented Nov 23, 2025
edited
Loading

Pull Request Test Coverage Report for Build 19627464325

Details

  • 0 of 2 (0.0%) changed or added relevant lines in 1 file are covered.
  • 6 unchanged lines in 2 files lost coverage.
  • Overall coverage decreased (-0.03%) to 55.06%
Changes Missing Coverage Covered Lines Changed/Added Lines %
internal/start/start.go 0 2 0.0%
Files with Coverage Reduction New Missed Lines %
internal/start/start.go 1 65.39%
internal/gen/keys/keys.go 5 12.9%
Totals Coverage Status
Change from base Build 19626009298: -0.03%
Covered Lines: 6540
Relevant Lines: 11878
💛 - Coveralls

@7ttp 7ttp marked this pull request as draft November 23, 2025 17:15
@7ttp 7ttp force-pushed the patch-3 branch 3 times, most recently from 6e2abbe to b623b4d Compare November 23, 2025 17:23
@7ttp 7ttp marked this pull request as ready for review November 23, 2025 20:55
sweatybridge
sweatybridge requested changes Nov 24, 2025
View reviewed changes
@sweatybridge sweatybridge merged commit ca241cf into supabase:develop Nov 24, 2025
14 of 20 checks passed
@sweatybridge sweatybridge mentioned this pull request Nov 26, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sweatybridge sweatybridge sweatybridge approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Local Supabase setup unable to take in ES256 signing keys configuration

3 participants

@7ttp @coveralls @sweatybridge