[hasty_pudding]

It's a little bit involved but doable.

https://postgrest.org/en/stable/references/auth.html

[bigEnotation]

So where is the secret key stored for signing the JWT? In the front end as well?

Edit: Oh I found it here: https://postgrest.org/en/stable/how-tos/sql-user-management....

That’s a pretty neat design. Also an interesting attack surface