by BuySomeDip
1158 days ago
Supabase Auth engineer here. PostgREST only has "static" asymmetric JWT support. It can't load from `/.well-known/openid-configuration` endpoints. We are tracking this internally to add better UI and support for third-party OIDC.

Most of the OIDC identity providers don't rotate the keys very often, so you can follow the `/.well-known/openid-configuration` endpoint to get the JWKS JSON, and set that as the JWT Secret in the project's dashboard. (It's a bit hacky I know, we're going to be improving the UI on this.)

I know this has been used with Firebase Auth, which is also OIDC compatible with asymmetric JWTs.

EDIT:

> How do you get SSO to work for auth providers like Auth0 and AAD that only provide public keys via an endpoint?

Actually what you're describing is technically not "SSO" but using another Auth system with the rest of the Supabase stack. OIDC support for SSO -- where you use Supabase Auth with Azure AD for example -- is on the roadmap, but only SAML is supported with this announcement today.
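The pinning workaround described in the comment above, as an added example (not part of the original comment and not Supabase or PostgREST code): it prepares a JWKS for pasting as a static JWT secret and reports when the provider's key set has drifted from the pinned copy, which is the failure mode of a static configuration. The function names, the `idp.example` URLs and the shortened key values are constructed for illustration.

```python
import json

# Private-key members defined for RSA, EC and symmetric JWKs (RFC 7518); none belong in a verifier's config.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

def jwks_uri_from_discovery(discovery: dict) -> str:
    """Return the jwks_uri advertised by an OIDC discovery document, HTTPS only."""
    uri = discovery.get("jwks_uri", "")
    if not uri.startswith("https://"):
        raise ValueError("discovery document has no https jwks_uri")
    return uri

def verification_jwks(jwks: dict) -> dict:
    """Keep asymmetric signing keys only, and refuse to pin private key material."""
    kept = []
    for key in jwks.get("keys", []):
        if PRIVATE_MEMBERS & key.keys():
            raise ValueError(f"key {key.get('kid')!r} contains private members")
        if key.get("use", "sig") != "sig" or key.get("kty") not in ("RSA", "EC"):
            continue
        kept.append(key)
    if not kept:
        raise ValueError("no usable signing keys in JWKS")
    return {"keys": kept}

def rotation_drift(pinned: dict, current: dict) -> dict:
    """Compare key IDs of the pinned JWKS with the provider's current one."""
    old = {k.get("kid", "") for k in pinned["keys"]}
    new = {k.get("kid", "") for k in current["keys"]}
    return {"added": sorted(new - old), "retired": sorted(old - new)}

# Constructed sample data (shortened placeholder values, not real keys).
DISCOVERY = {"issuer": "https://idp.example", "jwks_uri": "https://idp.example/jwks.json"}
JWKS_DAY_1 = {"keys": [
    {"kty": "RSA", "use": "sig", "kid": "key-2023-01", "alg": "RS256", "n": "sXch", "e": "AQAB"},
    {"kty": "RSA", "use": "enc", "kid": "enc-1", "n": "u1SU", "e": "AQAB"},
]}
JWKS_DAY_90 = {"keys": [
    {"kty": "RSA", "use": "sig", "kid": "key-2023-01", "alg": "RS256", "n": "sXch", "e": "AQAB"},
    {"kty": "RSA", "use": "sig", "kid": "key-2023-04", "alg": "RS256", "n": "y9bZ", "e": "AQAB"},
]}

if __name__ == "__main__":
    pinned = verification_jwks(JWKS_DAY_1)
    print("fetch from:", jwks_uri_from_discovery(DISCOVERY))
    print("paste as JWT secret:", json.dumps(pinned))
    print("drift:", rotation_drift(pinned, verification_jwks(JWKS_DAY_90)))
```

A non-empty `added` list means tokens signed with the new key will fail verification until the pinned secret is updated; a non-empty `retired` list means the static configuration still trusts a key the provider has withdrawn.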