
What is best practice for developing locally with `netlify dev` using rbac with jwt?


I have an app that is protected using role-based access control (rbac) with jwt. I generate the jwt myself and I am not using any third party auth service.

When deployed, I can visit my protected route once I have successfully generated a jwt token and created an nf_jwt cookie. However, when developing locally using netlify dev I can’t visit that protected route and it returns a 404.

What is best practice for developing locally with netlify dev using rbac with jwt?

Here is a simple example repo and site.



Hi @PDS,

From what I remember last, Netlify Identity wasn’t fully compatible with Netlify CLI. At least it didn’t work in sync with Netlify Functions.

I’ve pinged the developers to ask if something has changed in this regard, and will revert back as soon as we hear from them. However, this might take at least till Monday.

Hey @PDS,

Sorry about the delay. We heard back from the developers and here’s what you can do:

If you set a custom Identity JWT secret in Netlify CLI:


and your production instance, Netlify CLI should be able to handle RBAC. Since you’re already using a custom JWT, you can just use the same in your TOML file and that would work.

Note that, if you want to keep the setup in sync with your production environment, you’d have to add the production JWT secret and adding that to your TOML file might expose it to your repo. So, use it with caution.

Hey @hrishikesh - that worked perfectly. :tada:

In fact you can check what the environment is and select a development token to prevent having to use the same in both dev and production.

Either way that solves it. I would not have managed to figure that out without your help as I was unaware the dev block was available.

Many Thanks…
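An added example, not part of the thread or of Netlify's code: one way to sign the token that goes into the `nf_jwt` cookie with a throwaway secret under `netlify dev`, while the production secret stays in an environment variable and out of the repo. It assumes the setting the reply refers to is `jwtSecret` in the `[dev]` block of `netlify.toml`, that roles sit at `app_metadata.authorization.roles`, and that `JWT_SECRET`, `DEV_SECRET` and the function names are hypothetical.

```javascript
// Added example (not from the thread): sign and check an HS256 token for nf_jwt.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed value; it must equal jwtSecret in the [dev] block of netlify.toml.
const DEV_SECRET = 'dev-only-secret-not-used-in-production';

// Use the throwaway secret only under `netlify dev` (the CLI sets NETLIFY_DEV).
// Anywhere else, fail closed unless the real secret comes from the environment.
// JWT_SECRET is an assumed variable name.
function pickSecret(env) {
  if (env.NETLIFY_DEV === 'true') return DEV_SECRET;
  if (!env.JWT_SECRET) throw new Error('JWT_SECRET is not set');
  return env.JWT_SECRET;
}

const b64url = (value) => Buffer.from(JSON.stringify(value)).toString('base64url');

function signToken(claims, secret) {
  const signingInput = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = createHmac('sha256', secret).update(signingInput).digest('base64url');
  return `${signingInput}.${sig}`;
}

// Returns the roles array for a valid, unexpired token, or null otherwise.
function rolesFromToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const header = JSON.parse(Buffer.from(head, 'base64url').toString());
    const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (header.alg !== 'HS256') return null;
    if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
    // Netlify's default role path for role-based redirects.
    return claims.app_metadata?.authorization?.roles ?? [];
  } catch {
    return null;
  }
}

// One-hour token carrying an "admin" role (constructed sample claims).
function devToken(env, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = { exp: nowSec + 3600, app_metadata: { authorization: { roles: ['admin'] } } };
  return signToken(claims, pickSecret(env));
}
```

A token signed with the dev secret fails verification against the production secret, so a leaked `netlify.toml` does not let anyone forge a cookie for the deployed site.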