fix: correctly parse JWT ValidMethods from env by enabling split_words #2334
Pull Request Test Coverage Report for Build 22099601302
Warning: This coverage report may be inaccurate. This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
💛 - Coveralls |
|
Also supabase/cli#4524 ? |
|
Possibly also supabase/supabase#42037 |
|
Closing this for now to avoid confusion with env var name. For reference: supabase/cli#4818 (comment) |
|
Hi @singh-inder, thanks for the contribution! Can you please rebase the master? Then we can get this merged |
11ab4b6 to
9400a53
|
No actionable comments were generated in the recent review. 🎉 (CodeRabbit) |
|
Hi @cemalkilic, Thanks for the review. I've rebased on master. |
🤖 I have created a release *beep* *boop*

---

## [2.187.0](v2.186.0...v2.187.0) (2026-02-23)

### Features

* add metadata field to all hooks ([#2365](#2365)) ([c675749](c675749))
* check current password on change ([#2364](#2364)) ([33b87ae](33b87ae))
* **indexworker:** add max users threshold for rollout ([#2374](#2374)) ([a2066c6](a2066c6))
* **metrics:** added a gauge with version information ([#2375](#2375)) ([911ad0b](911ad0b))
* support custom oauth & oidc providers ([#2357](#2357)) ([53021f6](53021f6))

### Bug Fixes

* case-insensitive Bearer token scheme matching ([#2387](#2387)) ([36d712d](36d712d))
* correctly parse JWT ValidMethods from env by enabling split_words ([#2334](#2334)) ([a6076bc](a6076bc))
* flaky index worker test ([#2366](#2366)) ([961a7e6](961a7e6))
* **hooks:** propagate error objects from hook calls ([#2380](#2380)) ([3ca1e88](3ca1e88))
* session upgrade percentage should be based on session, not request ([#2371](#2371)) ([510e68b](510e68b))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>
What kind of change does this PR introduce?
Bug fix
What is the current behavior?
JWT ValidMethods not parsed from env because split_words was missing on the struct tag, causing envconfig to look for `GOTRUE_JWT_VALIDMETHODS` instead of `GOTRUE_JWT_VALID_METHODS`. Since v2.71.1, cli defaults to asymmetric keys, which caused valid HS256 tokens to be rejected.
What is the new behavior?
This change adds `split_words` to ensure the correct env var is used. I assume that `GOTRUE_JWT_VALID_METHODS` is the correct env var but if it isn't, then this issue can also be solved by updating the env var passed to auth service in supabase cli to
Additional context
The following screenshots are from print statements I added
config.JWT.ValidMethods was nil because it was looking for wrong env var. It defaulted to jwk key algorithm (ES256).
auth/internal/conf/configuration.go
Lines 1092 to 1097 in 645654d
After
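
The naming mismatch this PR describes, as an added example that is not part of the PR or the project's code: a reflection check that reports multi-word config fields missing `split_words`, so a setting such as the accepted JWT methods cannot silently fall back to a default. The key derivation is a simplified model of envconfig's behaviour as described above, and `Audit`, `envKey` and the struct types are constructed for illustration.

```go
package main

import (
	"fmt"
	"reflect"
	"regexp"
	"strings"
)

// wordRe splits a field name at camel-case boundaries (simplified model).
var wordRe = regexp.MustCompile(`[A-Z]+[^A-Z]*|[^A-Z]+`)

// envKey models the variable name looked up for a field: PREFIX_NAME,
// with the words joined by "_" only when split_words is set.
func envKey(prefix string, f reflect.StructField) string {
	name := f.Name
	if f.Tag.Get("split_words") == "true" {
		name = strings.Join(wordRe.FindAllString(f.Name, -1), "_")
	}
	return strings.ToUpper(prefix + "_" + name)
}

type Finding struct{ Field, Key string } // field and the key it is read from

// Audit walks a config struct type, recursing into nested structs, and
// reports multi-word fields that do not set split_words.
func Audit(prefix string, t reflect.Type) []Finding {
	var out []Finding
	for i := 0; i < t.NumField(); i++ {
		f, key := t.Field(i), envKey(prefix, t.Field(i))
		if f.Type.Kind() == reflect.Struct {
			out = append(out, Audit(key, f.Type)...)
		} else if len(wordRe.FindAllString(f.Name, -1)) > 1 && f.Tag.Get("split_words") != "true" {
			out = append(out, Finding{f.Name, key})
		}
	}
	return out
}

// Constructed sample types, not the project's real configuration structs.
type jwtBefore struct{ ValidMethods []string }
type jwtAfter struct{ ValidMethods []string `split_words:"true"` }
type confBefore struct{ JWT jwtBefore }
type confAfter struct{ JWT jwtAfter }

func main() {
	fmt.Println("before:", Audit("GOTRUE", reflect.TypeOf(confBefore{})))
	fmt.Println("after: ", Audit("GOTRUE", reflect.TypeOf(confAfter{})))
}
```

Run as a unit test against the real configuration type, a check like this fails the build when a new multi-word field is added without the tag.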
