fix: enable es256 jwt signing algorithm support for gotrue

Author: 7ttp

internal/start/start.go

@@ -531,9 +531,22 @@ EOF
 			fmt.Sprintf("GOTRUE_RATE_LIMIT_WEB3=%v", utils.Config.Auth.RateLimit.Web3),
 		}
 
-		// Since signing key is validated by ResolveJWKS, simply read the key file.
 		if keys, err := afero.ReadFile(fsys, utils.Config.Auth.SigningKeysPath); err == nil && len(keys) > 0 {
 			env = append(env, "GOTRUE_JWT_KEYS="+string(keys))
+			algSet := map[string]bool{"HS256": true}
+			for _, key := range utils.Config.Auth.SigningKeys {
+				switch key.Algorithm {
+				case config.AlgRS256:
+					algSet["RS256"] = true
+				case config.AlgES256:
+					algSet["ES256"] = true
+				}
+			}
+			algorithms := make([]string, 0, len(algSet))
+			for alg := range algSet {
+				algorithms = append(algorithms, alg)
+			}
+			env = append(env, "GOTRUE_JWT_VALID_METHODS="+strings.Join(algorithms, ","))
 		}
 
 		if utils.Config.Auth.Email.Smtp != nil && utils.Config.Auth.Email.Smtp.Enabled {