Liking cljdoc? Tell your friends :D

supabase.auth.jwt

Local JWT decoding and asymmetric signature verification for Supabase Auth.

Supabase issues JWTs signed with either a symmetric secret (HS256, the legacy default — not verifiable client-side) or an asymmetric key (RS256 / ES256). For asymmetric algorithms the public keys are published at <auth-url>/.well-known/jwks.json; this namespace fetches and caches that JWKS and verifies signatures using the JDK's built-in crypto, with no third-party dependency.

Callers should use supabase.auth/get-claims rather than these helpers directly.

Local JWT decoding and asymmetric signature verification for Supabase Auth.

Supabase issues JWTs signed with either a symmetric secret (`HS256`, the
legacy default — not verifiable client-side) or an asymmetric key
(`RS256` / `ES256`). For asymmetric algorithms the public keys are
published at `<auth-url>/.well-known/jwks.json`; this namespace fetches
and caches that JWKS and verifies signatures using the JDK's built-in
crypto, with no third-party dependency.

Callers should use [[supabase.auth/get-claims]] rather than these helpers
directly.
raw docstring

asymmetric-alg?clj

(asymmetric-alg? alg)
source

clear-cache!clj

(clear-cache!)

Clears the process-global JWKS cache. Primarily for tests.

Clears the process-global JWKS cache. Primarily for tests.
sourceraw docstring

decodeclj

(decode token)

Splits and decodes a JWT into {:header :payload :signed-data :signature} without verifying it. Returns an anomaly if the token is malformed.

Splits and decodes a JWT into `{:header :payload :signed-data :signature}`
without verifying it. Returns an anomaly if the token is malformed.
sourceraw docstring

verifyclj

(verify auth-url token)

Verifies token against the JWKS published at auth-url and returns {:claims <payload> :header <header>} on success, or an anomaly.

Only asymmetric algorithms (RS256, ES256) are verified here; callers fall back to server-side verification for HS256.

Verifies `token` against the JWKS published at `auth-url` and returns
`{:claims <payload> :header <header>}` on success, or an anomaly.

Only asymmetric algorithms (`RS256`, `ES256`) are verified here; callers
fall back to server-side verification for `HS256`.
sourceraw docstring

verify-with-keysclj

(verify-with-keys jwks token)

Like verify, but verifies against an already-resolved JWKS keys vector instead of fetching one. Network-free.

Like [[verify]], but verifies against an already-resolved JWKS `keys`
vector instead of fetching one. Network-free.
sourceraw docstring

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts
Ctrl+kJump to recent docs
Move to previous article
Move to next article
Ctrl+/Jump to the search field
× close