pgjwt: JSON Web Tokens

The pgjwt (PostgreSQL JSON Web Token) extension allows you to create and parse JSON Web Tokens (JWTs) within a PostgreSQL database. JWTs are commonly used for authentication and authorization in web applications and services.

Enable the extension

  1. Go to the Database page in the Dashboard.
  2. Click on Extensions in the sidebar.
  3. Search for "pgjwt" and enable the extension.

API

Where:

  • payload is the JSON claims set to be signed, represented as a string.
  • secret is the private/secret passcode which is used to sign the JWT and verify its integrity.
  • algorithm is the method used to sign the JWT using the secret.
  • token is a signed JWT represented as a string. The token is encoded, not encrypted, so its header and payload can be read without the secret.

Usage

Once the extension is installed, you can use its functions to create and parse JWTs. Here's an example of how you can use the sign function to create a JWT:

select
  extensions.sign(
    payload   := '{"sub":"1234567890","name":"John Doe","iat":1516239022}',
    secret    := 'secret',
    algorithm := 'HS256'
  );

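The sign function returns the JWT as a string, which can then be transmitted between parties. The signature protects the token's integrity; the payload is only base64url-encoded, so it should not carry data that must stay confidential.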

              sign
---------------------------------
 eyJhbGciOiJIUzI1NiIsInR5cCI6IkpX
 VCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiw
 ibmFtZSI6IkpvaG4gRG9lIiwiaWF0Ijo
 xNTE2MjM5MDIyfQ.XbPfbIHMI6arZ3Y9
 22BhjWgQzWXcXNrz0ogtVhfEd2o
(1 row)

To parse a JWT and extract its claims, you can use the verify function. Here's an example:

select
  extensions.verify(
    token := 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiRm9vIn0.Q8hKjuadCEhnCPuqIj9bfLhTh_9QSxshTRsA5Aq4IuM',
    secret    := 'secret',
    algorithm := 'HS256'
  );

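This returns the decoded header and payload, along with a valid flag that reports whether the token verified against the given secret and algorithm. Check valid before trusting anything in the payload.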

           header            |    payload     | valid
-----------------------------+----------------+-------
 {"alg":"HS256","typ":"JWT"} | {"name":"Foo"} | t
(1 row)
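
Because verify returns the decoded payload in the same row as the valid flag, a caller can read claims without ever checking the flag. The wrapper below is an added example, not part of pgjwt or of the original page; verified_claims, its parameters and the demo secrets are hypothetical names constructed for illustration.

```sql
-- Added example: verified_claims is a hypothetical helper, not part of pgjwt.
-- It hands back the payload only after verify() reports valid = true.
create or replace function verified_claims(p_token text, p_secret text)
returns json
language plpgsql
as $$
declare
  v record;
begin
  -- The algorithm is pinned here; it is never taken from the token itself.
  select header, payload, valid
    into v
    from extensions.verify(p_token, p_secret, 'HS256');

  if v.valid is not true then
    raise exception 'JWT rejected: verification failed';
  end if;

  -- Also refuse a header that advertises a different algorithm.
  if v.header ->> 'alg' is distinct from 'HS256' then
    raise exception 'JWT rejected: unexpected alg in header';
  end if;

  return v.payload;
end;
$$;

-- Constructed demo token: sign it, then read the claims back through the helper.
select verified_claims(
  extensions.sign('{"sub":"1234567890","role":"reader"}'::json,
                  'constructed-demo-secret', 'HS256'),
  'constructed-demo-secret'
);

-- Same token checked against a different secret: raw verify() still returns
-- the decoded payload next to the valid flag, whereas the helper raises.
select payload, valid
from extensions.verify(
  extensions.sign('{"sub":"1234567890","role":"reader"}'::json,
                  'constructed-demo-secret', 'HS256'),
  'some-other-secret',
  'HS256'
);
```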

Resources