Skip to content

feat: add configurable JWT issuer for local auth development #4388

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 5, 2025
Merged

feat: add configurable JWT issuer for local auth development #4388

merged 4 commits into from
Nov 5, 2025
+13 −6

Conversation

@cemalkilic
Copy link
Contributor

@cemalkilic cemalkilic commented Oct 30, 2025

Summary

  • Adds configurable jwt_issuer field to auth configuration in config.toml
  • Updates startup to use configured JWT issuer when set
  • Maintains backward compatibility by falling back to default API URL when not configured

Motivation

When developing OAuth integrations, the auth server OAuth discovery endpoint /.well-known/oauth-authorization-server returns URLs referencing localhost, which are inaccessible to third-party services trying to integrate with the local instance.

This change allows developers to configure the issuer url for the auth server, making it possible to test third-party OAuth integrations locally without deploying to a remote environment.

Relevant: https://github.com/orgs/supabase/discussions/38022#discussioncomment-14815820

@cemalkilic cemalkilic requested a review from a team as a code owner October 30, 2025 12:42
@aantti
Copy link

aantti commented Oct 30, 2025

This will be also configurable via GOTRUE_JWT_ISSUER env-var for self-hosted Supabase?

@cemalkilic
Copy link
Contributor Author

cemalkilic commented Oct 30, 2025

Yes, similar to any other auth env variables, this will be also parsed by auth server 👍

@coveralls
Copy link

coveralls commented Oct 30, 2025
edited
Loading

Pull Request Test Coverage Report for Build 19095672128

Details

  • 6 of 6 (100.0%) changed or added relevant lines in 1 file are covered.
  • 5 unchanged lines in 1 file lost coverage.
  • Overall coverage decreased (-0.03%) to 54.673%
Files with Coverage Reduction New Missed Lines %
internal/gen/keys/keys.go 5 12.9%
Totals Coverage Status
Change from base Build 19065008112: -0.03%
Covered Lines: 6388
Relevant Lines: 11684
💛 - Coveralls

sweatybridge
sweatybridge reviewed Oct 31, 2025
View reviewed changes
sweatybridge
sweatybridge reviewed Oct 31, 2025
View reviewed changes
@sweatybridge sweatybridge force-pushed the cemal/feat-auth-add-issuer-config branch from 37b76d0 to de9af1d Compare November 5, 2025 08:20
@sweatybridge sweatybridge merged commit 2f211d7 into develop Nov 5, 2025
10 of 11 checks passed
@sweatybridge sweatybridge deleted the cemal/feat-auth-add-issuer-config branch November 5, 2025 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sweatybridge sweatybridge sweatybridge approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@cemalkilic @aantti @coveralls @sweatybridge