Swift: Get user claims from verified JWT

• Verifies a JWT and extracts its claims.
• For symmetric JWTs (HS256), verification is performed server-side via the getUser() API.
• For asymmetric JWTs (RS256), verification is performed client-side using Apple Security framework.
• Uses a global JWKS cache shared across all clients with the same storage key for optimal performance.
• Automatically handles key rotation by falling back to server-side verification when a JWK is not found.
• The JWKS cache has a 10-minute TTL (time-to-live).

Parameters

• jwt

  (Optional)

  The JWT to verify. If not provided, uses the access token from the current session.

• options

  (Optional)

  Options for JWT verification. Can specify `allowExpired` to skip expiration check and `jwks` to provide custom JSON Web Key Set.

Examples

Verify and get claims from current session

let response = try await supabase.auth.getClaims()
print("User ID: \(response.claims.sub ?? "N/A")")
print("Email: \(response.claims.email ?? "N/A")")
print("Role: \(response.claims.role ?? "N/A")")

Verify and get claims from a specific JWT

let customToken = "eyJhbGci..."
let response = try await supabase.auth.getClaims(jwt: customToken)

Get claims from an expired JWT

let response = try await supabase.auth.getClaims(
  options: GetClaimsOptions(allowExpired: true)
)

Verify JWT with custom JWKS

let customJWKS = JWKS(keys: [...])
let response = try await supabase.auth.getClaims(
  options: GetClaimsOptions(jwks: customJWKS)
)