Supabase JWT integration

Web3Auth already has integrations for social providers, Firebase, Auth0, Cognito, etc. My application uses Supabase, an alternative to some of the offered integrations, and I had trouble setting up a custom auth verifier that worked with Supabase. Having an integration with Supabase for creating a custom authentication verifier would be amazing!

When integrating Supabase with Web3Auth, it’s important to consider security, especially with regard to the use of JWT signing algorithms.

Currently, Supabase uses HS256 for signing and verifying JWTs. HS256 is a symmetric algorithm, meaning it uses the same key for both signing and verifying the JWT. This brings security concerns, particularly when compared to RS256, an asymmetric algorithm that uses a private key for signing and a public key for verification, providing better security for applications like Web3Auth.

In addition, Web3Auth requires the JSON Web Key Set (JWKS) to be publicly available. This is not possible with Supabase’s HS256 implementation, as it uses symmetric keys. The lack of JWKS support poses challenges for direct integration.

However, there are ongoing discussions within the Supabase community to introduce RS256 support, which would address these issues. You can follow the discussion here.

In the meantime, the recommended workaround is to set up a proxy server that can generate a JWT using the RS256 algorithm in your backend. This JWT would include the authenticated user’s details from Supabase as part of its payload. By doing this, you ensure compatibility with Web3Auth and enhance the security of the authentication flow.

Follow the Telegram Guide that follows a similar proxy approach.

If you need further clarification or assistance with the proxy setup, feel free to reach out.
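
The proxy workaround described in the reply above, as an added example that is not part of the thread and is not Web3Auth or Supabase code: the backend verifies the Supabase HS256 session token with the project's JWT secret, issues a short-lived RS256 token for the same user, and builds the JWKS document to publish. It uses only Node's built-in `crypto`; the claim names, issuer, audience, `kid` and secret are assumed placeholders, and the HTTP routes that would serve the token and the JWKS are left out.

```javascript
// Added example (not Web3Auth or Supabase code): HS256 in, RS256 + JWKS out.
const nodeCrypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const parse = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Verify the Supabase-issued HS256 token with the project's JWT secret.
function verifySupabaseJwt(token, secret, now) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  // Pin the algorithm instead of letting the token header choose it.
  if (parse(h).alg !== 'HS256') throw new Error('unexpected alg');
  const expected = nodeCrypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = parse(p);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (!claims.sub) throw new Error('missing sub');
  return claims;
}

// Mint a short-lived RS256 token carrying the verified user's details.
function issueRs256(claims, privateKey, kid, { iss, aud, now, ttl = 300 }) {
  const header = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }));
  const payload = { iss, aud, sub: claims.sub, email: claims.email, iat: now, exp: now + ttl };
  const body = b64u(JSON.stringify(payload));
  const sig = nodeCrypto.sign('sha256', Buffer.from(`${header}.${body}`), privateKey);
  return `${header}.${body}.${b64u(sig)}`;
}

// JWKS document for the public URL: public key parameters only.
function jwks(publicKey, kid) {
  return { keys: [{ ...publicKey.export({ format: 'jwk' }), kid, alg: 'RS256', use: 'sig' }] };
}

// Constructed demo input: secret, user, issuer, audience and kid are placeholders.
function demo(now = 1700000000) {
  const secret = 'constructed-supabase-jwt-secret';
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const hp = `${b64u('{"alg":"HS256","typ":"JWT"}')}.` +
    b64u(JSON.stringify({ sub: 'user-123', email: 'user@example.com', exp: now + 3600 }));
  const supabaseToken = `${hp}.${b64u(nodeCrypto.createHmac('sha256', secret).update(hp).digest())}`;
  const claims = verifySupabaseJwt(supabaseToken, secret, now);
  const opts = { iss: 'https://proxy.example', aud: 'constructed-audience', now };
  return { secret, now, supabaseToken, token: issueRs256(claims, privateKey, 'proxy-key-1', opts), jwks: jwks(publicKey, 'proxy-key-1') };
}
```

The HS256 secret and the RSA private key stay on the proxy; only the output of `jwks()` is published.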