https://supabase.com/ logo
#help
Title
# help
t

TechmandanCZ

08/09/2021, 3:21 PM
Does POSTGREST check if the user ID from JWT exists? Or can I just generate JWT token (signed with the same JWT secret Auth signs it with) with arbitrary ID (taken outside of supabase) and use that? I'd like to manage user accounts outside of supabase and generate tokens only for settings and files (so users can manage only their own stuff)
s

Steve

08/09/2021, 3:35 PM
PostgREST only checks if the JWT signature matches the secret. > Or can I just generate JWT token (signed with the same JWT secret Auth signs it with) So yes, you can do that.
t

TechmandanCZ

08/09/2021, 3:36 PM
And I can still use the
auth.uuid()
function in RLS? Does that simply return the `sub`ject from JWT?
s

Steve

08/09/2021, 3:38 PM
Yes, if you include the sub claim in your JWT then
auth.uid
will work
t

TechmandanCZ

08/09/2021, 3:38 PM
thanks a lot
s

Steve

08/09/2021, 3:40 PM
Passing custom JWT to PostgREST