Authentication
Location: Sidebar → Authentication
The Authentication page manages credentials and lets you configure the five authentication contexts available throughout the app. Almost every operation in Supatester can be run under any of these contexts — making multi-context testing a first-class feature.
The Five Authentication Contexts
| Context | Description |
|---|---|
| Publishable (Anon Key) | Unauthenticated API access using the anon key. Typically the most restricted context. |
| Anonymous User | A signed-in anonymous session. More privileged than the anon key if you have anonymous-user RLS policies. Supports Cloudflare Turnstile CAPTCHA. |
| Email User | A signed-in user identified by email and password. Scoped to auth.uid() in RLS policies. |
| Secret (Service Role) | Uses the service_role key. Bypasses all RLS. Useful as a baseline to compare against restricted contexts. |
| Custom JWT | A hand-crafted JWT with arbitrary claims. Lets you simulate any identity, role, or organisation. |
Signing In
- For the Email User context, enter your email and password and click Sign In. The session is managed automatically while the connection is active.
- For the Anonymous User context, click Sign In Anonymously. If a CAPTCHA site key is configured, a Turnstile widget will appear for you to complete.
- The Secret and Publishable contexts are always available as long as the respective keys are configured.
Custom JWT Creator
The JWT Creator is available within the Authentication page. It has two tabs: "Paste Existing JWT" and "Generate JWT (Legacy)".
Paste Existing JWT
If you have a JWT (a string beginning `eyJ...`) that you previously generated, either in Supatester or elsewhere, you can paste it here to use it for the Custom JWT authentication context in the app.
If you generate a JWT in the "Generate JWT (Legacy)" tab it will automatically paste the result into this field when you click "Apply Token" on that tab.
Generate JWT (Legacy)
You will need to supply the following information to generate a token:
- Enter your JWT secret for signing (found under Project Settings > JWT Keys > Legacy JWT Secret tab).
- Set the role, sub (user UUID), and Token Expiration.
- Add any custom claims as key-value pairs (e.g. `org_id`, `plan`, `team`).
- Click Generate Token to produce the token.
The generated token is automatically stored as the active Custom JWT for the current connection. You can also paste any existing JWT into a decoder to inspect its claims and check its expiry.
CAPTCHA Support
The Anonymous User context supports Cloudflare Turnstile CAPTCHA. When a Turnstile site key is configured for your connection, completing the CAPTCHA widget is required before an anonymous sign-in is issued.
Cloudflare Turnstile Configuration
- Hostname Management: When testing locally, you must add `localhost` to the list of authorised hostnames in your Turnstile site settings. This allows the widget to load and validate during local development. Remove or restrict this entry before going to production.