Any authentication provider can be supported by generating custom JWTs for PowerSync.
kty
): RSA
, OKP
(EdDSA) or EC
(ECDSA).alg
):
RS256
, RS384
or RS512
for RSAEdDSA
for EdDSAES256
, ES384
or ES512
for ECDSAcrv
) - only relevant for EdDSA and ECDSA:
Ed25519
or Ed448
for EdDSAP-256
, P-384
or P-512
for ECDSAkid
must be specified and must match the kid
in the JWT.kid
matching the key in the JWKS URL.aud
of the JWT must match the PowerSync instance URL.
iat
and exp
fields must be present, with a difference of 3600 or less between them.sub
of the JWT.