Custom claims and supabase update: restricting access to auth

Janis · 2025-03-19T14:33:37.226+00:00

Supabase today shared an update whereby "...certain SQL actions you can perform in your database’s auth, storage, and realtime schemas." will be restricted from April 21st onwards.I am using custom claims in my app which rely on permissions and it seems like that this permission is affected by it: generate_jwt_with_claims Are you still using the custom claims implementation you've shared several months ago? Do you have any tips how to migrate by any chance?

Janis

3 months ago

Supabase today shared an update whereby "...certain SQL actions you can perform in your database’s auth, storage, and realtime schemas." will be restricted from April 21st onwards.

I am using custom claims in my app which rely on permissions and it seems like that this permission is affected by it: generate_jwt_with_claims

@Lucas G Are you still using the custom claims implementation you've shared several months ago? Do you have any tips how to migrate by any chance?
Lucas G

3 months ago

The changes shouldn't affect much as most people likely don't have custom tables in the auth/storage/realtime schemas
I moved away from basic claims to a more complex implementation via tables
I still have my account and accountUsers tables but now I have permissions as well
And required permissions are handled via RLS (you can use database functions in RLS)

Custom claims and supabase update: restricting access to auth

Janis

Lucas G