Introducing JWT Signing Keys
Blog post from Supabase
Supabase is introducing significant updates to its authentication mechanism by transitioning from symmetric to asymmetric JWTs, enhancing security and scalability. This transition allows tokens to be verified with public key cryptography, so verification no longer depends solely on the Auth server. The process includes generating a new key pair and a phased migration that ensures zero-downtime key rotations. Supabase also introduces new API keys that improve security based on user feedback, and it has plans for additional features. The rollout is currently optional, but by October 2025 all new projects will default to asymmetric JWTs, and existing projects are encouraged to adopt the new system. This shift aims to address the limitations of symmetric keys and improve application performance while maintaining compatibility with existing systems.