I'm making a website that can basically read and write data to a Supabase database. It's using FluffyScratch auth. FluffyScratch isn't supported by Supabase so I need to implement an authentication solution. I did a search and I found out that Supabase has support of other authentication methods and that I need to use JWTs. I've already got some code that signs the JWT.
It uses the FluffyScratch authentication method. First I send the user to the FluffyScratch page, then the user get redirected back to my website with a private code as a query parameter, then fetch the FluffyScratch verification API on a SvelteKit endpoint to see if their private code is actually valid and that the user owns the Scratch account they say they do.
So I think that the next part of making this work is going to be getting the JWT to authenticate with Supabase. I've been looking around but I'm a bit confused on how to make Supabase accept this token. The signUp function in GoTrue only accepts email, password or a phone number so I don't think that I would have much success with that.
What I'm doing in my case may work for you if you happen to come across this question.
I'm signing my own JWTs with the jsonwebtoken NPM package. I'm using dotenv to get my JWT signing key (also my supabase url, and key) since VITE_ prefixed environment variables are exposed on the client. Then I can use the same jsonwebtoken NPM package to verify the signature and then my users can use FluffyScratch and I can use Supabase.