@@ -4,16 +4,13 @@ import (
44 "crypto"
55 "crypto/ecdsa"
66 "crypto/elliptic"
7- "crypto/rand"
87 "crypto/rsa"
98 "encoding/base64"
109 "math/big"
1110 "time"
1211
1312 "github.com/go-errors/errors"
1413 "github.com/golang-jwt/jwt/v5"
15- "github.com/google/uuid"
16- "github.com/supabase/cli/pkg/cast"
1714)
1815
1916const (
@@ -49,25 +46,6 @@ func (a *auth) generateAPIKeys() error {
4946 } else if len (a .JwtSecret .Value ) < 16 {
5047 return errors .Errorf ("Invalid config for auth.jwt_secret. Must be at least 16 characters" )
5148 }
52- // Generate default signing key (P-256 curve for ES256)
53- if len (a .SigningKeysPath ) == 0 {
54- privateKey , err := ecdsa .GenerateKey (elliptic .P256 (), rand .Reader )
55- if err != nil {
56- return errors .Errorf ("failed to generate ECDSA key: %w" , err )
57- }
58- a .SigningKeys = append (a .SigningKeys , JWK {
59- KeyType : "EC" ,
60- KeyID : uuid .New ().String (),
61- Use : "sig" ,
62- KeyOps : []string {"sign" , "verify" },
63- Algorithm : "ES256" ,
64- Extractable : cast .Ptr (true ),
65- Curve : "P-256" ,
66- X : base64 .RawURLEncoding .EncodeToString (privateKey .PublicKey .X .Bytes ()),
67- Y : base64 .RawURLEncoding .EncodeToString (privateKey .PublicKey .Y .Bytes ()),
68- PrivateExponent : base64 .RawURLEncoding .EncodeToString (privateKey .D .Bytes ()),
69- })
70- }
7149 // Generate anon key if not provided
7250 if len (a .AnonKey .Value ) == 0 {
7351 signed , err := a .generateJWT ("anon" )
0 commit comments