How to have multiple users hitting PostgREST #3066
I don't understand how to allow multiple users to hit the PostgREST API if you can only have one jwt-secret in the conf file. I have one user set up and working fine, but when I try to add another user is where I am tripping up. Steps:
JWSError JWSInvalidSignature
Replies: 1 comment
You don't need to have a JWT secret for each user. You can use the same secret and change the "role" inside the payload, that will generate a different JWT for that user and won't return the error you're getting.

The docs use jwt.io as an example because it's an easy way to generate a JWT; in reality, you'd use an external service like Auth0 or you could manage it in the database as mentioned in this how-to. Later you could use Asymmetric Keys (again, handled by an external service) and implement more robustness for your JWT generation.
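The point of the reply above, as an added example that is not part of the original thread or PostgREST's own code: one shared HS256 secret signs a token per user, the tokens differ only in the "role" claim, and a token signed with any other secret fails the signature check. The secrets and the role names `alice_role` and `bob_role` are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed value standing in for jwt-secret in the PostgREST config.
SERVER_SECRET = "constructed-demo-secret-0123456789abcdef"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def mint(secret: str, role: str, ttl: int = 300) -> str:
    """Issue an HS256 token whose "role" claim names a database role."""
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"role": role, "exp": int(time.time()) + ttl})
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + b64url(sign(secret, signing_input))

def verify(secret: str, token: str) -> dict:
    """Return the claims, or raise ValueError naming why the token is rejected."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        given = b64url_decode(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm so a token cannot choose its own verification method.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison of the recomputed and presented signatures.
    if not hmac.compare_digest(sign(secret, f"{head}.{body}"), given):
        raise ValueError("invalid signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("exp", 0) < time.time():
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    for role in ("alice_role", "bob_role"):
        print(role, verify(SERVER_SECRET, mint(SERVER_SECRET, role)))
    try:  # signed with a secret the server does not hold
        verify(SERVER_SECRET, mint("a-different-constructed-secret-000000", "bob_role"))
    except ValueError as err:
        print("rejected:", err)
```

Each role named in a token still has to exist in the database with its own grants; the token only selects which role the request runs as.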