OAuth 2.1 Server

Turn your project into an OAuth 2.1 identity provider.

Stage: Public Beta
Available on self-hosted: Yes

OAuth 2.1 Server transforms your Supabase project into a complete OAuth 2.1 and OpenID Connect identity provider. Authenticate AI agents, mobile apps, third-party services, and more using your existing Supabase Auth users.

Key benefits

  1. Complete control: Build custom authorization UI for your brand.
  2. AI agent authentication: LLM tools and MCP servers authenticate as existing users.
  3. First-party mobile apps: Issue tokens to your own mobile and desktop apps.
  4. Enterprise SSO: Provide OIDC for enterprise customer integrations.
  5. Multi-service auth: Single identity provider for multiple services.
  6. RLS policy enforcement: Access tokens respect Row Level Security policies.

Flows supported

  • Authorization code flow with PKCE
  • Refresh token flow
  • ID tokens when the openid scope is requested

Endpoints

  • Authorization endpoint: /oauth/authorize
  • Token endpoint: /oauth/token
  • UserInfo endpoint: /oauth/userinfo
  • JWKS endpoint: .well-known/jwks.json
  • Discovery endpoints for OpenID and OAuth

OAuth 2.1 Server is valuable for:

  • Authenticating AI agents and MCP servers
  • Building "Login with Your App" for third parties
  • First-party mobile and desktop applications
  • Enterprise customer integrations
  • Multi-service authentication architectures

OAuth 2.1 Server provides enterprise-grade identity provider capabilities built on your Supabase Auth foundation.
