fix: remove jwt key validation to allow new api keys (#212)

Author: silentworks

supabase_functions/_async/functions_client.py

@@ -7,7 +7,6 @@
 from ..utils import (
     FunctionRegion,
     is_http_url,
-    is_valid_jwt,
     is_valid_str_arg,
 )
 from ..version import __version__
@@ -103,9 +102,6 @@ def set_auth(self, token: str) -> None:
             the new jwt token sent in the authorization header
         """
 
-        if not is_valid_jwt(token):
-            raise ValueError("token must be a valid JWT authorization token string.")
-
         self.headers["Authorization"] = f"Bearer {token}"
 
     async def invoke(

supabase_functions/_sync/functions_client.py

@@ -7,7 +7,6 @@
 from ..utils import (
     FunctionRegion,
     is_http_url,
-    is_valid_jwt,
     is_valid_str_arg,
 )
 from ..version import __version__
@@ -103,9 +102,6 @@ def set_auth(self, token: str) -> None:
             the new jwt token sent in the authorization header
         """
 
-        if not is_valid_jwt(token):
-            raise ValueError("token must be a valid JWT authorization token string.")
-
         self.headers["Authorization"] = f"Bearer {token}"
 
     def invoke(

supabase_functions/utils.py

@@ -1,4 +1,3 @@
-import re
 import sys
 from urllib.parse import urlparse
 from warnings import warn
@@ -59,26 +58,3 @@ def is_valid_str_arg(target: str) -> bool:
 
 def is_http_url(url: str) -> bool:
     return urlparse(url).scheme in {"https", "http"}
-
-
-def is_valid_jwt(value: str) -> bool:
-    """Checks if value looks like a JWT, does not do any extra parsing."""
-    if not isinstance(value, str):
-        return False
-
-    # Remove trailing whitespaces if any.
-    value = value.strip()
-
-    # Remove "Bearer " prefix if any.
-    if value.startswith("Bearer "):
-        value = value[7:]
-
-    # Valid JWT must have 2 dots (Header.Paylod.Signature)
-    if value.count(".") != 2:
-        return False
-
-    for part in value.split("."):
-        if not re.search(BASE64URL_REGEX, part, re.IGNORECASE):
-            return False
-
-    return True

tests/_async/test_function_client.py

@@ -49,14 +49,6 @@ async def test_set_auth_valid_token(client: AsyncFunctionsClient):
     assert client.headers["Authorization"] == f"Bearer {valid_token}"
 
 
-async def test_set_auth_invalid_token(client: AsyncFunctionsClient):
-    invalid_token = "invalid-token"
-    with pytest.raises(
-        ValueError, match="token must be a valid JWT authorization token string."
-    ):
-        client.set_auth(invalid_token)
-
-
 async def test_invoke_success_json(client: AsyncFunctionsClient):
     mock_response = Mock(spec=Response)
     mock_response.json.return_value = {"message": "success"}

tests/_sync/test_function_client.py

@@ -49,14 +49,6 @@ def test_set_auth_valid_token(client: SyncFunctionsClient):
     assert client.headers["Authorization"] == f"Bearer {valid_token}"
 
 
-def test_set_auth_invalid_token(client: SyncFunctionsClient):
-    invalid_token = "invalid-token"
-    with pytest.raises(
-        ValueError, match="token must be a valid JWT authorization token string."
-    ):
-        client.set_auth(invalid_token)
-
-
 def test_invoke_success_json(client: SyncFunctionsClient):
     mock_response = Mock(spec=Response)
     mock_response.json.return_value = {"message": "success"}

tests/test_utils.py

@@ -8,7 +8,6 @@
     FunctionRegion,
     SyncClient,
     is_http_url,
-    is_valid_jwt,
     is_valid_str_arg,
 )
 
@@ -73,43 +72,6 @@ def test_is_http_url(test_input: str, expected: bool):
     assert is_http_url(test_input) == expected
 
 
-@pytest.mark.parametrize(
-    "test_input,expected",
-    [
-        # Valid JWTs
-        (
-            "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U",
-            True,
-        ),
-        (
-            "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U",
-            True,
-        ),
-        # JWT with whitespace
-        (
-            "  eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgNryP4J3jVmNHl0w5N_XgL0n3I9PlFUP0THsR8U  ",
-            True,
-        ),
-        # Invalid inputs
-        ("", False),
-        ("not.a.jwt", False),
-        ("invalid.jwt.format.extra.dots", False),
-        ("Bearer ", False),
-        ("Bearer invalid", False),
-        # Invalid types
-        (None, False),
-        (123, False),
-        ([], False),
-        ({}, False),
-        # Invalid base64url format
-        ("invalid@.base64.format", False),
-        ("header.pay!load.signature", False),
-    ],
-)
-def test_is_valid_jwt(test_input: Any, expected: bool):
-    assert is_valid_jwt(test_input) == expected
-
-
 def test_base64url_regex():
     import re