generate-token
What It Does
Generates custom JWT tokens for use by other internal flows. This is a general-purpose token generation utility that creates signed JWTs with custom claims and expiration times, used when other edge functions or processes need to issue tokens for specific purposes (such as email confirmation links or one-time-use URLs).
When It’s Called
Called internally by other flows that need custom JWT tokens. Examples include:
- Account deletion confirmation flows (generating time-limited confirmation tokens).
- Custom course generation links (generating tokens embedded in URLs).
- Any workflow requiring a signed, expiring token for verification.
Authentication
- JWT Required: Yes
- Method: POST
- Version: 1
A valid Supabase JWT bearer token must be included in the Authorization header.
How It Works
- The client sends a POST request specifying the desired token claims and expiration.
- The function authenticates the request using the provided JWT.
- A new JWT is created with the specified custom claims (e.g., user ID, purpose, metadata).
- The token is signed and returned to the caller.
- The caller uses the token in its own flow (embed in a URL, send in an email, etc.).
Request
POST /functions/v1/generate-token
Authorization: Bearer <user_jwt>
Content-Type: application/json

{
  "claims": {
    "user_id": "user_abc123",
    "purpose": "account_deletion"
  },
  "expires_in_seconds": 3600
}
Response
Success:
{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "expires_at": "2026-03-01T12:00:00Z"
}
Error:
{
  "error": "Invalid claims or missing required fields"
}
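One way to validate the request body shown above before anything is signed, as an added example that is not the project's own code. The reserved-claim list, the purpose allowlist (`course_generation` is a constructed name), the 3600-second cap, and the rule that `user_id` must equal the authenticated caller are all assumptions.

```javascript
// Added example: request validation for a token-minting endpoint.
// RESERVED, ALLOWED_PURPOSES and MAX_TTL_SECONDS are assumptions, not project values.
const RESERVED = new Set(["iss", "sub", "aud", "exp", "nbf", "iat", "jti", "role"]);
const ALLOWED_PURPOSES = new Set(["account_deletion", "course_generation"]);
const MAX_TTL_SECONDS = 3600;

// callerId: subject of the already-verified bearer JWT.
// body: parsed JSON request body. nowMs: injectable clock for testing.
function validateTokenRequest(callerId, body, nowMs = Date.now()) {
  // `error` is the client-facing message from the page; `reason` is for server logs only.
  const fail = (reason) => ({
    ok: false,
    error: "Invalid claims or missing required fields",
    reason,
  });
  const isObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);

  if (!isObject(body)) return fail("body is not an object");
  const { claims, expires_in_seconds: ttl } = body;
  if (!isObject(claims)) return fail("claims is not an object");

  // Caller-supplied claims must not override registered or authorization claims.
  for (const name of Object.keys(claims)) {
    if (RESERVED.has(name)) return fail(`reserved claim: ${name}`);
  }
  // Bind every token to one known purpose so a consumer can reject reuse elsewhere.
  if (typeof claims.purpose !== "string" || !ALLOWED_PURPOSES.has(claims.purpose)) {
    return fail("unknown purpose");
  }
  // A caller may only mint tokens about itself.
  if (claims.user_id !== callerId) return fail("user_id does not match caller");
  // Lifetime must be a positive integer no larger than the cap.
  if (!Number.isInteger(ttl) || ttl <= 0 || ttl > MAX_TTL_SECONDS) {
    return fail("expires_in_seconds out of range");
  }

  const iat = Math.floor(nowMs / 1000);
  return {
    ok: true,
    payload: { ...claims, iat, exp: iat + ttl }, // what would be handed to the signer
    expires_at: new Date((iat + ttl) * 1000).toISOString().replace(".000Z", "Z"),
  };
}
```

The consumer of the token should make the matching check on its side: verify the signature and `exp`, then confirm that `purpose` is the one its own flow expects.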
Tables Used
No direct table access. This function generates tokens without reading from or writing to the database.
External Services
None.
Environment Variables
| Variable | Description |
|---|---|
| SUPABASE_URL | Project URL for Supabase client initialization |
| SUPABASE_SERVICE_ROLE_KEY | Service role key used as the signing secret for JWT generation |