Unable to use custom Jwt in realtime client out of the box

[squallsama]

Describe the bug
I have flutter application and I'm using custom signed Jwt token:
await Supabase.initialize( url: Env.supabaseUrl, anonKey: Env.supabaseAnonKey, headers: { 'Authorization': 'Bearer $userCustomJwt', });

Everything fine except realtime. It doesn't work without switching auth via:
Supabase.instance.client.realtime.setAuth(userCustomJwt); After that realtime start working fine.

I saw doc about it https://supabase.com/docs/guides/realtime/extensions/postgres-changes#custom-tokens and also there is similar issue, but related to js https://github.com/orgs/supabase/discussions/13620 and js library allows user to create Supabase client with custom Realtime headers.

To Reproduce
Steps to reproduce the behavior:

1. Initialize Supabase
   await Supabase.initialize(
   url: Env.supabaseUrl,
   anonKey: Env.supabaseAnonKey,
   headers: {
   'Authorization': 'Bearer $userCustomJwt',
   });
2. Use any kind of stream for realtime. For example:
   client .from('test_table') .stream(primaryKey: ['id']) .order('created_at') .map((maps) => maps.map((map) { return TestMessage.fromMap(map: map); }).toList())
3. You will notice that client will be able to retrieve rows first time, but it will not be able retrieve any new data without setting directly auth token for realtime client via Supabase.instance.client.realtime.setAuth(userCustomJwt);

Expected behavior
Supabase initialized with custom token and this custom jwt token used for all clients and for realtime client too

[leandrorazevedo]

Hi @squallsama ,

Try this :

1 - Change your JWT Token claims with role, aud, and sub.
1.1 - Fill role and aud with the value "authenticated", even though you might not really use the authenticated role in your RLS policies.

2 - To use your own JWT with Realtime make sure to set the token after instantiating the Supabase client and before connecting to a Channel.

******

  await Supabase.initialize(
    url: 'xxxxxxxxxx',
    anonKey: 'xxxxxxxx',
  );

******

  @override
  void initState() {
    Supabase.instance.client.headers['Authorization'] = "Bearer $token";
    Supabase.instance.client.realtime.setAuth(token);
    _stream = Supabase.instance.client.from('your-table-here').stream(primaryKey: ['id']).order('created_at');
    super.initState();
  }

See : https://github.com/orgs/supabase/discussions/13620#discussioncomment-5599317

https://supabase.com/docs/guides/realtime/postgres-changes#custom-tokens

hope it helps

[squallsama]

Hi @squallsama ,

Try this :

1 - Change your JWT Token claims with role, aud, and sub. 1.1 - Fill role and aud with the value "authenticated", even though you might not really use the authenticated role in your RLS policies.

2 - To use your own JWT with Realtime make sure to set the token after instantiating the Supabase client and before connecting to a Channel.

******

  await Supabase.initialize(
    url: 'xxxxxxxxxx',
    anonKey: 'xxxxxxxx',
  );

******

  @override
  void initState() {
    Supabase.instance.client.headers['Authorization'] = "Bearer $token";
    Supabase.instance.client.realtime.setAuth(token);
    _stream = Supabase.instance.client.from('your-table-here').stream(primaryKey: ['id']).order('created_at');
    super.initState();
  }

See : https://github.com/orgs/supabase/discussions/13620#discussioncomment-5599317

https://supabase.com/docs/guides/realtime/postgres-changes#custom-tokens

hope it helps

My token contains exactly these fields with exactly same values that you are mentioned.

[leandrorazevedo]

And did you add these two lines before the call to the strem() method?

    Supabase.instance.client.headers['Authorization'] = "Bearer $token";
    Supabase.instance.client.realtime.setAuth(token);