Local development: Create user fails (related to new asymmetric JWTs) #4820
Description
Describe the bug
On a newly spun up local supabase development instance, running Authentication > Add user > Create new user always fails.
To Reproduce
Steps to reproduce the behavior:
supabase init/supabase start- Open
http://localhost:54323 - Go to Authentication > Add user > Create new user
- Fill in the form and click "Create user"
A failure is displayed: "Failed to create user: API error happened while trying to communicate with the server."
In Logs > Auth, find:
{
"event_message": "{\"component\":\"api\",\"error\":\"token signature is invalid: signing method HS256 is invalid\",\"level\":\"info\",\"method\":\"POST\",\"msg\":\"403: invalid JWT: unable to parse or verify signature, token signature is invalid: signing method HS256 is invalid\",\"path\":\"/admin/users\",\"referer\":\"http://127.0.0.1:3000\",\"remote_addr\":\"172.19.0.13\",\"request_id\":\"66d57f22-54fa-4e70-b08a-693e5e0f4daf\",\"time\":\"2026-02-08T01:27:34Z\"}",
"id": "ca2cf922-d752-48aa-9b73-c45da57f84c0",
"metadata": [
{
"component": "api",
"error": "token signature is invalid: signing method HS256 is invalid",
"level": "info",
"method": "POST",
"msg": "403: invalid JWT: unable to parse or verify signature, token signature is invalid: signing method HS256 is invalid",
"path": "/admin/users",
"referer": "http://127.0.0.1:3000",
"remote_addr": "172.19.0.13",
"request_id": "66d57f22-54fa-4e70-b08a-693e5e0f4daf",
"time": "2026-02-08T01:27:34Z",
"timestamp": "2026-02-08T01:27:34Z"
}
],
"timestamp": 1770514054511554
}
Expected behavior
User should be created successfully
System information
- Version of OS: openSUSE Tumbleweed 20260112
- Version of CLI: 2.76.3
- Version of Docker: Docker version 28.5.1-ce, build f8215cc26
- Versions of services:
| SERVICE IMAGE | LOCAL | LINKED |
|---|---|---|
| supabase/postgres | 17.6.1.081 | - |
| supabase/gotrue | v2.186.0 | - |
| postgrest/postgrest | v14.4 | - |
| supabase/realtime | v2.75.0 | - |
| supabase/storage-api | v1.37.6 | - |
| supabase/edge-runtime | v1.70.1 | - |
| supabase/studio | 2026.02.04-sha-fba1944 | - |
| supabase/postgres-meta | v0.95.2 | - |
| supabase/logflare | 1.30.8 | - |
| supabase/supavisor | 2.7.4 | - |
Additional context
Running docker exec -it supabase_studio_<slug> env shows that studio tries to still use the symmetric JWTs.