pg_session_jwt

Extensions

pg_session_jwt

pg_session_jwt : Manage authentication sessions using JWTs

Overview

ID	Extension	Package	Version	Category	License	Language
7040	pg_session_jwt	pg_session_jwt	`0.4.0`	SEC	Apache-2.0	Rust

Attribute	Has Binary	Has Library	Need Load	Has DDL	Relocatable	Trusted
--s-dt-	No	Yes	No	Yes	no	yes

Relationships
Schemas	`auth`
See Also	pgjwt pgaudit pgsodium supabase_vault anon

manual updated pgrx by Vonng

Packages

Type	Repo	Version	PG Major Compatibility	Package Pattern	Dependencies
EXT	PIGSTY	`0.4.0`	18 17 16 15 14	`pg_session_jwt`	-
RPM	PIGSTY	`0.4.0`	18 17 16 15 14	`pg_session_jwt_$v`	-
DEB	PIGSTY	`0.4.0`	18 17 16 15 14	`postgresql-$v-pg-session-jwt`	-

Linux / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
el8.aarch64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
el9.x86_64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
el9.aarch64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
el10.x86_64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
el10.aarch64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
d12.x86_64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
d12.aarch64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
d13.x86_64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
d13.aarch64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
u22.x86_64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
u22.aarch64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
u24.x86_64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0
u24.aarch64	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0	PIGSTY 0.4.0

Package	Version	OS	ORG	SIZE	File URL
`pg_session_jwt_18`	`0.4.0`	el8.x86_64	pigsty	435.6 KiB	pg_session_jwt_18-0.4.0-1PIGSTY.el8.x86_64.rpm
`pg_session_jwt_18`	`0.4.0`	el8.aarch64	pigsty	308.5 KiB	pg_session_jwt_18-0.4.0-1PIGSTY.el8.aarch64.rpm
`pg_session_jwt_18`	`0.4.0`	el9.x86_64	pigsty	450.7 KiB	pg_session_jwt_18-0.4.0-1PIGSTY.el9.x86_64.rpm
`pg_session_jwt_18`	`0.4.0`	el9.aarch64	pigsty	327.7 KiB	pg_session_jwt_18-0.4.0-1PIGSTY.el9.aarch64.rpm
`pg_session_jwt_18`	`0.4.0`	el10.x86_64	pigsty	450.8 KiB	pg_session_jwt_18-0.4.0-1PIGSTY.el10.x86_64.rpm
`pg_session_jwt_18`	`0.4.0`	el10.aarch64	pigsty	327.8 KiB	pg_session_jwt_18-0.4.0-1PIGSTY.el10.aarch64.rpm
`postgresql-18-pg-session-jwt`	`0.4.0`	d12.x86_64	pigsty	364.4 KiB	postgresql-18-pg-session-jwt_0.4.0-1PIGSTY~bookworm_amd64.deb
`postgresql-18-pg-session-jwt`	`0.4.0`	d12.aarch64	pigsty	245.5 KiB	postgresql-18-pg-session-jwt_0.4.0-1PIGSTY~bookworm_arm64.deb
`postgresql-18-pg-session-jwt`	`0.4.0`	d13.x86_64	pigsty	363.7 KiB	postgresql-18-pg-session-jwt_0.4.0-1PIGSTY~trixie_amd64.deb
`postgresql-18-pg-session-jwt`	`0.4.0`	d13.aarch64	pigsty	245.8 KiB	postgresql-18-pg-session-jwt_0.4.0-1PIGSTY~trixie_arm64.deb
`postgresql-18-pg-session-jwt`	`0.4.0`	u22.x86_64	pigsty	406.9 KiB	postgresql-18-pg-session-jwt_0.4.0-1PIGSTY~jammy_amd64.deb
`postgresql-18-pg-session-jwt`	`0.4.0`	u22.aarch64	pigsty	284.0 KiB	postgresql-18-pg-session-jwt_0.4.0-1PIGSTY~jammy_arm64.deb
`postgresql-18-pg-session-jwt`	`0.4.0`	u24.x86_64	pigsty	403.1 KiB	postgresql-18-pg-session-jwt_0.4.0-1PIGSTY~noble_amd64.deb
`postgresql-18-pg-session-jwt`	`0.4.0`	u24.aarch64	pigsty	281.6 KiB	postgresql-18-pg-session-jwt_0.4.0-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pg_session_jwt_17`	`0.4.0`	el8.x86_64	pigsty	435.8 KiB	pg_session_jwt_17-0.4.0-1PIGSTY.el8.x86_64.rpm
`pg_session_jwt_17`	`0.4.0`	el8.aarch64	pigsty	308.5 KiB	pg_session_jwt_17-0.4.0-1PIGSTY.el8.aarch64.rpm
`pg_session_jwt_17`	`0.4.0`	el9.x86_64	pigsty	450.8 KiB	pg_session_jwt_17-0.4.0-1PIGSTY.el9.x86_64.rpm
`pg_session_jwt_17`	`0.4.0`	el9.aarch64	pigsty	327.8 KiB	pg_session_jwt_17-0.4.0-1PIGSTY.el9.aarch64.rpm
`pg_session_jwt_17`	`0.4.0`	el10.x86_64	pigsty	451.4 KiB	pg_session_jwt_17-0.4.0-1PIGSTY.el10.x86_64.rpm
`pg_session_jwt_17`	`0.4.0`	el10.aarch64	pigsty	327.8 KiB	pg_session_jwt_17-0.4.0-1PIGSTY.el10.aarch64.rpm
`postgresql-17-pg-session-jwt`	`0.4.0`	d12.x86_64	pigsty	364.2 KiB	postgresql-17-pg-session-jwt_0.4.0-1PIGSTY~bookworm_amd64.deb
`postgresql-17-pg-session-jwt`	`0.4.0`	d12.aarch64	pigsty	245.4 KiB	postgresql-17-pg-session-jwt_0.4.0-1PIGSTY~bookworm_arm64.deb
`postgresql-17-pg-session-jwt`	`0.4.0`	d13.x86_64	pigsty	364.0 KiB	postgresql-17-pg-session-jwt_0.4.0-1PIGSTY~trixie_amd64.deb
`postgresql-17-pg-session-jwt`	`0.4.0`	d13.aarch64	pigsty	245.6 KiB	postgresql-17-pg-session-jwt_0.4.0-1PIGSTY~trixie_arm64.deb
`postgresql-17-pg-session-jwt`	`0.4.0`	u22.x86_64	pigsty	407.3 KiB	postgresql-17-pg-session-jwt_0.4.0-1PIGSTY~jammy_amd64.deb
`postgresql-17-pg-session-jwt`	`0.4.0`	u22.aarch64	pigsty	284.0 KiB	postgresql-17-pg-session-jwt_0.4.0-1PIGSTY~jammy_arm64.deb
`postgresql-17-pg-session-jwt`	`0.4.0`	u24.x86_64	pigsty	403.3 KiB	postgresql-17-pg-session-jwt_0.4.0-1PIGSTY~noble_amd64.deb
`postgresql-17-pg-session-jwt`	`0.4.0`	u24.aarch64	pigsty	281.6 KiB	postgresql-17-pg-session-jwt_0.4.0-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pg_session_jwt_16`	`0.4.0`	el8.x86_64	pigsty	435.6 KiB	pg_session_jwt_16-0.4.0-1PIGSTY.el8.x86_64.rpm
`pg_session_jwt_16`	`0.4.0`	el8.aarch64	pigsty	308.5 KiB	pg_session_jwt_16-0.4.0-1PIGSTY.el8.aarch64.rpm
`pg_session_jwt_16`	`0.4.0`	el9.x86_64	pigsty	451.2 KiB	pg_session_jwt_16-0.4.0-1PIGSTY.el9.x86_64.rpm
`pg_session_jwt_16`	`0.4.0`	el9.aarch64	pigsty	327.7 KiB	pg_session_jwt_16-0.4.0-1PIGSTY.el9.aarch64.rpm
`pg_session_jwt_16`	`0.4.0`	el10.x86_64	pigsty	451.4 KiB	pg_session_jwt_16-0.4.0-1PIGSTY.el10.x86_64.rpm
`pg_session_jwt_16`	`0.4.0`	el10.aarch64	pigsty	327.7 KiB	pg_session_jwt_16-0.4.0-1PIGSTY.el10.aarch64.rpm
`postgresql-16-pg-session-jwt`	`0.4.0`	d12.x86_64	pigsty	363.6 KiB	postgresql-16-pg-session-jwt_0.4.0-1PIGSTY~bookworm_amd64.deb
`postgresql-16-pg-session-jwt`	`0.4.0`	d12.aarch64	pigsty	245.5 KiB	postgresql-16-pg-session-jwt_0.4.0-1PIGSTY~bookworm_arm64.deb
`postgresql-16-pg-session-jwt`	`0.4.0`	d13.x86_64	pigsty	364.4 KiB	postgresql-16-pg-session-jwt_0.4.0-1PIGSTY~trixie_amd64.deb
`postgresql-16-pg-session-jwt`	`0.4.0`	d13.aarch64	pigsty	245.6 KiB	postgresql-16-pg-session-jwt_0.4.0-1PIGSTY~trixie_arm64.deb
`postgresql-16-pg-session-jwt`	`0.4.0`	u22.x86_64	pigsty	407.0 KiB	postgresql-16-pg-session-jwt_0.4.0-1PIGSTY~jammy_amd64.deb
`postgresql-16-pg-session-jwt`	`0.4.0`	u22.aarch64	pigsty	284.0 KiB	postgresql-16-pg-session-jwt_0.4.0-1PIGSTY~jammy_arm64.deb
`postgresql-16-pg-session-jwt`	`0.4.0`	u24.x86_64	pigsty	403.1 KiB	postgresql-16-pg-session-jwt_0.4.0-1PIGSTY~noble_amd64.deb
`postgresql-16-pg-session-jwt`	`0.4.0`	u24.aarch64	pigsty	281.2 KiB	postgresql-16-pg-session-jwt_0.4.0-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pg_session_jwt_15`	`0.4.0`	el8.x86_64	pigsty	435.3 KiB	pg_session_jwt_15-0.4.0-1PIGSTY.el8.x86_64.rpm
`pg_session_jwt_15`	`0.4.0`	el8.aarch64	pigsty	308.4 KiB	pg_session_jwt_15-0.4.0-1PIGSTY.el8.aarch64.rpm
`pg_session_jwt_15`	`0.4.0`	el9.x86_64	pigsty	450.9 KiB	pg_session_jwt_15-0.4.0-1PIGSTY.el9.x86_64.rpm
`pg_session_jwt_15`	`0.4.0`	el9.aarch64	pigsty	327.7 KiB	pg_session_jwt_15-0.4.0-1PIGSTY.el9.aarch64.rpm
`pg_session_jwt_15`	`0.4.0`	el10.x86_64	pigsty	451.0 KiB	pg_session_jwt_15-0.4.0-1PIGSTY.el10.x86_64.rpm
`pg_session_jwt_15`	`0.4.0`	el10.aarch64	pigsty	327.8 KiB	pg_session_jwt_15-0.4.0-1PIGSTY.el10.aarch64.rpm
`postgresql-15-pg-session-jwt`	`0.4.0`	d12.x86_64	pigsty	363.9 KiB	postgresql-15-pg-session-jwt_0.4.0-1PIGSTY~bookworm_amd64.deb
`postgresql-15-pg-session-jwt`	`0.4.0`	d12.aarch64	pigsty	245.5 KiB	postgresql-15-pg-session-jwt_0.4.0-1PIGSTY~bookworm_arm64.deb
`postgresql-15-pg-session-jwt`	`0.4.0`	d13.x86_64	pigsty	363.5 KiB	postgresql-15-pg-session-jwt_0.4.0-1PIGSTY~trixie_amd64.deb
`postgresql-15-pg-session-jwt`	`0.4.0`	d13.aarch64	pigsty	246.0 KiB	postgresql-15-pg-session-jwt_0.4.0-1PIGSTY~trixie_arm64.deb
`postgresql-15-pg-session-jwt`	`0.4.0`	u22.x86_64	pigsty	406.8 KiB	postgresql-15-pg-session-jwt_0.4.0-1PIGSTY~jammy_amd64.deb
`postgresql-15-pg-session-jwt`	`0.4.0`	u22.aarch64	pigsty	284.0 KiB	postgresql-15-pg-session-jwt_0.4.0-1PIGSTY~jammy_arm64.deb
`postgresql-15-pg-session-jwt`	`0.4.0`	u24.x86_64	pigsty	402.7 KiB	postgresql-15-pg-session-jwt_0.4.0-1PIGSTY~noble_amd64.deb
`postgresql-15-pg-session-jwt`	`0.4.0`	u24.aarch64	pigsty	281.3 KiB	postgresql-15-pg-session-jwt_0.4.0-1PIGSTY~noble_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pg_session_jwt_14`	`0.4.0`	el8.x86_64	pigsty	435.3 KiB	pg_session_jwt_14-0.4.0-1PIGSTY.el8.x86_64.rpm
`pg_session_jwt_14`	`0.4.0`	el8.aarch64	pigsty	308.6 KiB	pg_session_jwt_14-0.4.0-1PIGSTY.el8.aarch64.rpm
`pg_session_jwt_14`	`0.4.0`	el9.x86_64	pigsty	451.0 KiB	pg_session_jwt_14-0.4.0-1PIGSTY.el9.x86_64.rpm
`pg_session_jwt_14`	`0.4.0`	el9.aarch64	pigsty	327.7 KiB	pg_session_jwt_14-0.4.0-1PIGSTY.el9.aarch64.rpm
`pg_session_jwt_14`	`0.4.0`	el10.x86_64	pigsty	451.1 KiB	pg_session_jwt_14-0.4.0-1PIGSTY.el10.x86_64.rpm
`pg_session_jwt_14`	`0.4.0`	el10.aarch64	pigsty	327.7 KiB	pg_session_jwt_14-0.4.0-1PIGSTY.el10.aarch64.rpm
`postgresql-14-pg-session-jwt`	`0.4.0`	d12.x86_64	pigsty	363.8 KiB	postgresql-14-pg-session-jwt_0.4.0-1PIGSTY~bookworm_amd64.deb
`postgresql-14-pg-session-jwt`	`0.4.0`	d12.aarch64	pigsty	245.6 KiB	postgresql-14-pg-session-jwt_0.4.0-1PIGSTY~bookworm_arm64.deb
`postgresql-14-pg-session-jwt`	`0.4.0`	d13.x86_64	pigsty	363.7 KiB	postgresql-14-pg-session-jwt_0.4.0-1PIGSTY~trixie_amd64.deb
`postgresql-14-pg-session-jwt`	`0.4.0`	d13.aarch64	pigsty	245.8 KiB	postgresql-14-pg-session-jwt_0.4.0-1PIGSTY~trixie_arm64.deb
`postgresql-14-pg-session-jwt`	`0.4.0`	u22.x86_64	pigsty	406.7 KiB	postgresql-14-pg-session-jwt_0.4.0-1PIGSTY~jammy_amd64.deb
`postgresql-14-pg-session-jwt`	`0.4.0`	u22.aarch64	pigsty	284.0 KiB	postgresql-14-pg-session-jwt_0.4.0-1PIGSTY~jammy_arm64.deb
`postgresql-14-pg-session-jwt`	`0.4.0`	u24.x86_64	pigsty	403.1 KiB	postgresql-14-pg-session-jwt_0.4.0-1PIGSTY~noble_amd64.deb
`postgresql-14-pg-session-jwt`	`0.4.0`	u24.aarch64	pigsty	281.7 KiB	postgresql-14-pg-session-jwt_0.4.0-1PIGSTY~noble_arm64.deb

Source

Repository

github.com/neondatabase/pg_session_jwt

Source Tarball

pg_session_jwt-0.4.0.tar.gz

pig build pkg pg_session_jwt;		# build rpm/deb

Install

Make sure PGDG and PIGSTY repo available:

pig repo add pgsql -u   # add both repo and update cache

Install this extension with pig:

pig install pg_session_jwt;		# install via package name, for the active PG version

pig install pg_session_jwt -v 18;   # install for PG 18
pig install pg_session_jwt -v 17;   # install for PG 17
pig install pg_session_jwt -v 16;   # install for PG 16
pig install pg_session_jwt -v 15;   # install for PG 15
pig install pg_session_jwt -v 14;   # install for PG 14

Create this extension with:

CREATE EXTENSION pg_session_jwt;

Usage

pg_session_jwt: JWT session management for PostgreSQL

pg_session_jwt handles authenticated sessions through JWTs. When configured with a JWK, it verifies JWT authenticity. Without a JWK, it falls back to PostgREST-compatible request.jwt.claims.

CREATE EXTENSION pg_session_jwt;

Mode 1: JWK Validation

Set the JWK at connection time via libpq options:

export PGOPTIONS="-c pg_session_jwt.jwk=$MY_JWK"

Then within the session:

SELECT auth.init();                        -- Initialize with JWK
SELECT auth.jwt_session_init('eyJ...');    -- Set and validate the JWT
SELECT auth.user_id();                     -- Get the 'sub' claim
SELECT auth.session();                     -- Get full JWT payload as JSONB

Mode 2: PostgREST-Compatible (No JWK)

Works out of the box with PostgREST. No initialization needed:

SELECT auth.user_id();   -- Returns 'sub' from request.jwt.claims
SELECT auth.session();   -- Returns full claims as JSONB

Functions

Function	Returns	Description
`auth.init()`	`void`	Initialize session using JWK
`auth.jwt_session_init(jwt text)`	`void`	Set and validate a JWT
`auth.session()`	`jsonb`	Get JWT payload or fallback claims
`auth.jwt()`	`jsonb`	Alias for `auth.session()`
`auth.user_id()`	`text`	Get the `sub` claim
`auth.uid()`	`uuid`	Get `sub` as UUID (or NULL)

Configuration

Parameter	Description
`pg_session_jwt.jwk`	JWK for JWT validation (set at startup or connection)
`pg_session_jwt.audit_log`	Enable audit logging (`on`/`off`)

RLS Example

CREATE POLICY user_isolation ON my_table
    USING (user_id = auth.user_id());

Last updated on 2026-03-24

supabase_vault anon