[GH-ISSUE #317] Supabase API keys being generated incorrectly in the template #14447

Closed
opened 2026-07-13 16:25:38 -05:00 by GiteaMirror · 2 comments
Owner

Originally created by @Suman-Datta-Monash on GitHub (Aug 28, 2025).
Original GitHub issue: https://github.com/Dokploy/templates/issues/317

Template Name

Supabase

Relevant Logs of the Error

{"component":"api","error":"this token needs to have one of the following roles: service_role","level":"info","method":"POST","msg":"this token needs to have one of the following roles: service_role","path":"/invite","referer":"https://[REDACTED].app/*","remote_addr":"172.17.0.1","request_id":"63e223c4-5bf7-481b-8045-5a656dd7251c","time":"2025-08-28T01:17:09Z"} 

{"component":"api","duration":826263,"error_code":"not_admin","level":"info","method":"POST","msg":"request completed","path":"/invite","referer":"https://[REDACTED].app/*","remote_addr":"172.17.0.1","request_id":"63e223c4-5bf7-481b-8045-5a656dd7251c","status":403,"time":"2025-08-28T01:17:09Z"}

Steps to Reproduce the Error

  1. Deploy the Supabase template
  2. Configure the following settings: SUPABASE_PUBLIC_URL, API_EXTERNAL_URL, SMTP_*, ADDITIONAL_REDIRECT_URLS, SITE_URL.
  3. Navigate to https://[REDACTED].[REDACTED].app/project/default/auth/users
  4. Click on the green "Add user" button near the top right of the screen and subsequently click the "Send invitation" button. Enter a valid email address in the "User email" field and click on the green "Invite user" button.
  5. Error occurs as soon as you click the green "Invite user" button.

Expected behaviour: An invitation is sent to the email address provided in step 4. And a row is added to the auth.users table.
Actual behaviour: After clicking the green "Invite user" button the modal closes, there is no indication that something has gone wrong and a row is not added to the auth.users table.

Environment Information

Operating System: Ubuntu 22.04
Dokploy version: 0.24.12
VPS Provider: DigitalOcean
Template Version: 1.25.04
Browser: Chrome

When does this error occur?

After successful deployment

Additional Context

Workaround

  1. Visit https://supabase.com/docs/guides/self-hosting/docker#generate-api-keys
  2. Obtain a 40 character alphanumeric secret, JWT_SECRET
  3. Generate an ANON_KEY and SERVICE_KEY
  4. Update the JWT_SECRET, ANON_KEY and SERVICE_KEY in your Supabase service's Environment tab, scroll to the bottom and click the "Save" button.
  5. In the general tab click the "Deploy" button.

Will you send a PR to fix it?

Maybe, need help

Originally created by @Suman-Datta-Monash on GitHub (Aug 28, 2025). Original GitHub issue: https://github.com/Dokploy/templates/issues/317 ### Template Name Supabase ### Relevant Logs of the Error ``` {"component":"api","error":"this token needs to have one of the following roles: service_role","level":"info","method":"POST","msg":"this token needs to have one of the following roles: service_role","path":"/invite","referer":"https://[REDACTED].app/*","remote_addr":"172.17.0.1","request_id":"63e223c4-5bf7-481b-8045-5a656dd7251c","time":"2025-08-28T01:17:09Z"} {"component":"api","duration":826263,"error_code":"not_admin","level":"info","method":"POST","msg":"request completed","path":"/invite","referer":"https://[REDACTED].app/*","remote_addr":"172.17.0.1","request_id":"63e223c4-5bf7-481b-8045-5a656dd7251c","status":403,"time":"2025-08-28T01:17:09Z"} ``` ### Steps to Reproduce the Error 1. Deploy the [Supabase](https://github.com/Dokploy/templates/tree/main/blueprints/supabase) template 2. Configure the following settings: `SUPABASE_PUBLIC_URL`, `API_EXTERNAL_URL`, `SMTP_*`, `ADDITIONAL_REDIRECT_URLS`, `SITE_URL`. 3. Navigate to https://[REDACTED].[REDACTED].app/project/default/auth/users 4. Click on the green "Add user" button near the top right of the screen and subsequently click the "Send invitation" button. Enter a valid email address in the "User email" field and click on the green "Invite user" button. 5. Error occurs as soon as you click the green "Invite user" button. **Expected behaviour:** An invitation is sent to the email address provided in step 4. And a row is added to the auth.users table. **Actual behaviour:** After clicking the green "Invite user" button the modal closes, there is no indication that something has gone wrong and a row is **not** added to the auth.users table. ### Environment Information ```bash Operating System: Ubuntu 22.04 Dokploy version: 0.24.12 VPS Provider: DigitalOcean Template Version: 1.25.04 Browser: Chrome ``` ### When does this error occur? After successful deployment ### Additional Context #### Workaround 1. Visit https://supabase.com/docs/guides/self-hosting/docker#generate-api-keys 2. Obtain a 40 character alphanumeric secret, `JWT_SECRET` 3. Generate an `ANON_KEY` and `SERVICE_KEY` 4. Update the `JWT_SECRET`, `ANON_KEY` and `SERVICE_KEY` in your Supabase service's Environment tab, scroll to the bottom and click the "Save" button. 5. In the general tab click the "Deploy" button. ### Will you send a PR to fix it? Maybe, need help
GiteaMirror added the bug label 2026-07-13 16:25:38 -05:00
Author
Owner

@samiralavi commented on GitHub (Nov 15, 2025):

Supabase template is updated in: https://github.com/Dokploy/templates/pull/537

<!-- gh-comment-id:3536844442 --> @samiralavi commented on GitHub (Nov 15, 2025): Supabase template is updated in: https://github.com/Dokploy/templates/pull/537
Author
Owner

@Siumauricio commented on GitHub (Jul 8, 2026):

The Supabase template has been reworked twice since this was reported (#872 and #961 — new kong entrypoint, JWKS/asymmetric key routes, current gotrue/postgrest versions) and the auth flow was deploy-verified this week. The JWT/role generation this issue describes belongs to the old template. Please reopen if you can still reproduce it with the current template.

<!-- gh-comment-id:4917207164 --> @Siumauricio commented on GitHub (Jul 8, 2026): The Supabase template has been reworked twice since this was reported (#872 and #961 — new kong entrypoint, JWKS/asymmetric key routes, current gotrue/postgrest versions) and the auth flow was deploy-verified this week. The JWT/role generation this issue describes belongs to the old template. Please reopen if you can still reproduce it with the current template.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/templates#14447