Loading user profile...

songkeys

1thread

1reply

Threads created

Supabase Auth custom domain + OAuth issuer mismatch with MCP client

The user is experiencing an issue with Supabase Auth custom domains and OAuth issuer metadata. They are using Supabase Auth as the OAuth server for an MCP client, but the OAuth metadata still returns the project-ref URL instead of the custom domain. This discrepancy may be causing the MCP client to fail in attaching an authorization header after consent. The user seeks clarification on whether this behavior is expected and how to configure the issuer metadata to use the custom domain.

Auth

MCP

Recent replies

Reply to: Supabase Auth custom domain + OAuth issuer mismatch with MCP client

My questions: 1. Is it expected that Supabase Auth custom domains still return the project-ref URL as the OAuth/OIDC `issuer`? 2. If yes, should an OAuth client discover Supabase via the project-ref URL instead of the custom domain, even when the custom domain is active? 3. Is there a supported way to make the OAuth issuer metadata use the custom Auth domain? 4. Could this issuer/custom-domain mismatch cause a strict OAuth client to complete the browser consent step but then reject the token exchange / not attach a bearer token to the MCP request? I’m intentionally omitting real domains/project refs here, but happy to DM exact URLs to Supabase staff if helpful. Just trying to understand the expected custom-domain behavior for OAuth metadata.

4/29/2026, 2:01:50 AMView on Discord

Loading user profile...