fix: maintain backward compatibility for asymmetric JWTs (#1695)

## What kind of change does this PR introduce? * #1690
supabase · Jul 31, 2024 · cbb84b8 · cbb84b8
1 parent 7de0cb3
commit cbb84b8
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 7 deletions.
diff --git a/internal/api/token.go b/internal/api/token.go
@@ -379,8 +379,9 @@ func (a *API) generateAccessToken(r *http.Request, tx *storage.Connection, user
 	}
 
 	if _, ok := token.Header["kid"]; !ok {
-		kid := signingJwk.KeyID()
-		token.Header["kid"] = kid
+		if kid := signingJwk.KeyID(); kid != "" {
+			token.Header["kid"] = kid
+		}
 	}
 
 	// this serializes the aud claim to a string

diff --git a/internal/conf/configuration.go b/internal/conf/configuration.go
@@ -713,11 +713,7 @@ func (config *GlobalConfiguration) ApplyDefaults() error {
 
 	if config.JWT.Keys == nil || len(config.JWT.Keys) == 0 {
 		// transform the secret into a JWK for consistency
-		bytes, err := base64.StdEncoding.DecodeString(config.JWT.Secret)
-		if err != nil {
-			bytes = []byte(config.JWT.Secret)
-		}
-		privKey, err := jwk.FromRaw(bytes)
+		privKey, err := jwk.FromRaw([]byte(config.JWT.Secret))
 		if err != nil {
 			return err
 		}