Stage:
General Availability
Available on self-hosted:
Yes
Third-Party Authentication allows Supabase APIs to trust JWTs issued by external authentication providers. Your existing auth system issues JWTs that Supabase verifies but doesn't create, enabling integration with Firebase Authentication, Auth0, or custom providers.
Key benefits
- Existing auth integration: Use your production auth system with Supabase APIs.
- No user migration: Avoid migrating users to Supabase Auth.
- Multi-provider support: Authenticate with multiple providers simultaneously.
- JWT verification: Supabase verifies tokens against provider signing keys.
- Works across Supabase: Compatible with Data APIs, Storage, and Realtime.
Requirements
Provider must use asymmetrically signed JWTs exposed as OIDC Issuer Discovery URL. JWTs must include kid header parameter for key identification.
Third-Party Authentication is valuable for:
- Production apps with established auth systems
- Firebase Authentication users migrating to Supabase
- Multi-provider authentication strategies
- Avoiding user migration during platform adoption
Limitations
Supabase Auth cannot be disabled. Symmetric keys (HS256) not currently supported. 30-minute delay for key rotation updates.
Third-Party Authentication bridges your existing auth system with Supabase's backend services.