On July 24, 2025 Supabase deployed an updated version of our Data API (Postgrest) v13 that came with a more strict approach to JWT validation.
Some customers experienced issues when using custom JWT.
Recently, we published updates to our documentation at https://supabase.com/docs/guides/auth/jwts#verifying-with-the-legacy-jwt-secret-or-a-shared-secret-signing-key and https://supabase.com/docs/guides/auth/signing-keys#getting-started that give instructions on how to re-import the custom signing key, which will resolve this issue going forward.