jwtkongsupabase

Any way to generate Supabase ANON_KEY and JWT_SECRET locally?

I'm self-hosting Supabase. Linode's Guide mentions a step where an ANON_KEY and a JWT_SECRET are generated, by passing JWT secret in the API Keys section of this guide by Supabase

The required value is selected by using the Preconfigured Payload dropdown.

I see that Kong is used for JWT token authentication.

If I wanted to generate ANON_KEY and JWT_SECRET values myself, instead of relying on the widget in the documentation (the second link), how would I go about doing it?

Tried to look up how the needed values for Supabase could be generated locally. Couldn't find anything. While it's an option to try to setup Kong for this purpose, I'm not certain of any configuration to use.

This seems like an undocumented matter.

Solution

  • You can find the code for the JWT generator here: https://github.com/supabase/supabase/blob/master/apps/docs/components/JwtGenerator/JwtGenerator.tsx

    import React, { useState } from 'react'
import KJUR from 'jsrsasign'
import CodeBlock from './CodeBlock/CodeBlock'
import { Button } from 'ui'

const JWT_HEADER = { alg: 'HS256', typ: 'JWT' }
const now = new Date()
const today = new Date(now.getFullYear(), now.getMonth(), now.getDate())
const fiveYears = new Date(now.getFullYear() + 5, now.getMonth(), now.getDate())
const anonToken = `
{
    "role": "anon",
    "iss": "supabase",
    "iat": ${Math.floor(today / 1000)},
    "exp": ${Math.floor(fiveYears / 1000)}
}
`.trim()

const serviceToken = `
{
    "role": "service_role",
    "iss": "supabase",
    "iat": ${Math.floor(today / 1000)},
    "exp": ${Math.floor(fiveYears / 1000)}
}
`.trim()

export default function JwtGenerator({}) {
  const secret = [...Array(40)].map(() => Math.random().toString(36)[2]).join('')

  const [jwtSecret, setJwtSecret] = useState(secret)
  const [token, setToken] = useState(anonToken)
  const [signedToken, setSignedToken] = useState('')

  const handleKeySelection = (e) => {
    const val = e.target.value
    if (val == 'service') setToken(serviceToken)
    else setToken(anonToken)
  }
  const generate = () => {
    const signedJWT = KJUR.jws.JWS.sign(null, JWT_HEADER, token, jwtSecret)
    setSignedToken(signedJWT)
  }

// [...]