Kotlin: Get user claims from verified JWT

Extracts the JWT claims from the access token by first verifying the JWT against the server's JSON Web Key Set (JWKS) endpoint.

• Prefer this method over retrieveUser() as JWKS responses are cached, resulting in significantly faster responses.
• If the project is not using an asymmetric JWT signing key (like ECC or RSA), it sends a request to the Auth server (similar to retrieveUser()) to verify the JWT.
• Returns a ClaimsResponse containing claims (a JwtPayload with typed accessors for standard JWT fields), header, and signature.
• Standard claims available on JwtPayload: iss, sub, aud, exp, iat, role, aal, sessionId, email, phone, isAnonymous, amr, appMetadata, userMetadata.
• Use claims.getClaim<T>(key) or claims.getClaimOrNull<T>(key) for custom claims.

Parameters

• jwt

  (Optional)

  An optional specific JWT to verify. If not provided, uses the current session's access token.

• options

  (Optional)

  Options to customize the behavior, such as allowing expired tokens.

Examples

Get claims from current session

val response = supabase.auth.getClaims()
val email = response.claims.email
val role = response.claims.role
val aal = response.claims.aal

Get a custom claim

val response = supabase.auth.getClaims()
val customValue = response.claims.getClaimOrNull<String>("my_custom_claim")

Verify a specific JWT

val response = supabase.auth.getClaims(jwt = "your-jwt-token")