lywsvip/supabase
1
0
Fork 0
mirror of https://github.com/supabase/supabase.git synced 2026-06-17 05:08:49 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
create-pull-request/patch
supabase/apps/docs/content/guides/database/extensions/pgjwt.mdx
Kimaswa Emmanuel Yusufu d35e8081d0 docs: fix invalid syntax and wrong identifiers in code examples (#46694) 
Reading through the guides and troubleshooting docs I found a set of
code examples that don't parse or run as written. Each is a small,
self-contained fix:

- **troubleshooting/postgres-logs**: the `regexp_contains(...)` call was
missing its closing parenthesis.
- **troubleshooting/rls-performance**: the PL/pgSQL `return` statement
was missing its terminating semicolon.
- **troubleshooting/supavisor-faq**: the `CREATE USER ... WITH PASSWORD`
string literal was unterminated (missing closing quote).
- **troubleshooting/google-auth-fails**: missing comma between
`provider` and `options` in the `signInWithOAuth` object literal.
- **integrations/supabase-for-platforms**,
**database/extensions/pg_graphql**,
**deployment/branching/working-with-branches**: missing commas between
JSON properties.
- **database/extensions/pgjwt**: the default algorithm was written
`'HSA256'`; the real default is `'HS256'` (used in both `sign` and
`verify`).
- **auth/auth-email-passwordless** (Dart): `signinwithotp` should be
`signInWithOtp`.
- **auth/third-party/firebase-auth**: `async function
setRoleCustomClaim() => {` mixed a function declaration with arrow
syntax.
- **storage/management/copy-move-objects**: the storage helper is
`storage.foldername(name)`, not `storage.folder(name)`.
- **troubleshooting/hsnw-index**: prose referred to
`maintance_work_mem`; the setting is `maintenance_work_mem` (the SQL in
the same file spells it correctly).
- **troubleshooting/pgcron-debugging**: a stray double quote inside the
`cron.job_run_details` code span.

13 files, all one-line fixes. Happy to split if you'd prefer.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Corrected code examples across authentication, database, storage, and
troubleshooting guides
* Fixed method naming and syntax errors in code snippets (Dart auth,
Node.js Firebase, SQL functions)
  * Updated API signatures and variable names for accuracy
  * Improved JSON formatting in example payloads
  * Corrected typos in documentation text

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
2026-06-08 15:09:08 +00:00

121 lines
4.0 KiB
Plaintext
Raw Permalink Blame History

---
id: 'pgjwt'
title: 'pgjwt: JSON Web Tokens'
description: 'Encode and decode JWTs in Postgres'
---
<Admonition type="note">
Supabase creates and handles JWT for you. It is built into the platform. **If you use Postgres version 15 or earlier**, you don't need the pgjwt extension, and it is safe to disable. For more information on how Supabase handles JWTs, read the [Supabase and JWTs documentation](/docs/guides/auth/jwts#supabase-and-jwts)
</Admonition>
<Admonition type="deprecation">
The `pgjwt` extension is deprecated in projects using Postgres 17. It continues to be supported in projects using Postgres 15, but will need to dropped before those projects are upgraded to Postgres 17. See the [Upgrading to Postgres 17 notes](/docs/guides/platform/upgrading#upgrading-to-postgres-17) for more information.
</Admonition>
The [`pgjwt`](https://github.com/michelp/pgjwt) (Postgres JSON Web Token) extension allows you to create and parse [JSON Web Tokens (JWTs)](https://en.wikipedia.org/wiki/JSON_Web_Token) within a Postgres database. JWTs are commonly used for authentication and authorization in web applications and services.
## Enable the extension
<Tabs
scrollable
size="small"
type="underlined"
defaultActiveId="dashboard"
queryGroup="database-method"
>
<TabPanel id="dashboard" label="Dashboard">
1. Go to the [Database](/dashboard/project/_/database/tables) page in the Dashboard.
2. Click on **Extensions** in the sidebar.
3. Search for `pgjwt` and enable the extension.
</TabPanel>
<TabPanel id="sql" label="SQL">
{/* prettier-ignore */}
```sql
-- Enable the "pgjwt" extension
create extension pgjwt schema extensions;
-- Disable the "pgjwt" extension
drop extension if exists pgjwt;
```
Even though the SQL code is `create extension`, this is the equivalent of enabling the extension.
To disable an extension you can call `drop extension`.
It's good practice to create the extension within a separate schema (like `extensions`) to keep the `public` schema clean.
</TabPanel>
</Tabs>
## API
- [`sign(payload json, secret text, algorithm text default 'HS256')`](https://github.com/michelp/pgjwt#usage): Signs a JWT containing _payload_ with _secret_ using _algorithm_.
- [`verify(token text, secret text, algorithm text default 'HS256')`](https://github.com/michelp/pgjwt#usage): Decodes a JWT _token_ that was signed with _secret_ using _algorithm_.
Where:
- `payload` is an encrypted JWT represented as a string.
- `secret` is the private/secret passcode which is used to sign the JWT and verify its integrity.
- `algorithm` is the method used to sign the JWT using the secret.
- `token` is an encrypted JWT represented as a string.
## Usage
Once the extension is installed, you can use its functions to create and parse JWTs. Here's an example of how you can use the `sign` function to create a JWT:
{/* prettier-ignore */}
```sql
select
extensions.sign(
payload := '{"sub":"1234567890","name":"John Doe","iat":1516239022}',
secret := 'secret',
algorithm := 'HS256'
);
```
The `pgjwt_encode` function returns a string that represents the JWT, which can then be safely transmitted between parties.
{/* prettier-ignore */}
```
sign
---------------------------------
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpX
VCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiw
ibmFtZSI6IkpvaG4gRG9lIiwiaWF0Ijo
xNTE2MjM5MDIyfQ.XbPfbIHMI6arZ3Y9
22BhjWgQzWXcXNrz0ogtVhfEd2o
(1 row)
```
To parse a JWT and extract its claims, you can use the `verify` function. Here's an example:
{/* prettier-ignore */}
```sql
select
extensions.verify(
token := 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiRm9vIn0.Q8hKjuadCEhnCPuqIj9bfLhTh_9QSxshTRsA5Aq4IuM',
secret := 'secret',
algorithm := 'HS256'
);
```
Which returns the decoded contents and some associated metadata.
{/* prettier-ignore */}
```sql
header | payload | valid
-----------------------------+----------------+-------
{"alg":"HS256","typ":"JWT"} | {"name":"Foo"} | t
(1 row)
```
## Resources
- Official [`pgjwt` documentation](https://github.com/michelp/pgjwt)
Reference in New Issue View Git Blame Copy Permalink