Skip to content

Add supabase docs #2030

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jlowin merged 3 commits into from
Dec 4, 2025
Merged

Add supabase docs #2030

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a13f297
Add supabase docs
jlowin Oct 9, 2025
2537240
Merge main into supabase-docs and resolve docs.json conflict
jlowin Dec 4, 2025
fe3bf5f
Update supabase version badge to 2.13.0
jlowin Dec 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/docs.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,7 @@
"integrations/google",
"integrations/oci",
"integrations/scalekit",
"integrations/supabase",
"integrations/workos"
]
},
Expand Down
143 changes: 143 additions & 0 deletions docs/integrations/supabase.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,143 @@
---
title: Supabase 🤝 FastMCP
sidebarTitle: Supabase
description: Secure your FastMCP server with Supabase Auth
icon: shield-check
tag: NEW
---

import { VersionBadge } from "/snippets/version-badge.mdx"

<VersionBadge version="2.13.0" />

This guide shows you how to secure your FastMCP server using **Supabase Auth**. This integration uses the [**Remote OAuth**](/servers/auth/remote-oauth) pattern, where Supabase handles user authentication and your FastMCP server validates the tokens.

## Configuration

### Prerequisites

Before you begin, you will need:
1. A **[Supabase Account](https://supabase.com/)** with a project
2. Your FastMCP server's URL (can be localhost for development, e.g., `http://localhost:8000`)

### Step 1: Get Supabase Project URL

In your Supabase Dashboard:
1. Go to **Project Settings**
2. Copy your **Project URL** (e.g., `https://abc123.supabase.co`)

### Step 2: FastMCP Configuration

Create your FastMCP server using the `SupabaseProvider`:

```python server.py
from fastmcp import FastMCP
from fastmcp.server.auth.providers.supabase import SupabaseProvider

# Configure Supabase Auth
auth = SupabaseProvider(
project_url="https://abc123.supabase.co",
base_url="http://localhost:8000"
)

mcp = FastMCP("Supabase Protected Server", auth=auth)

@mcp.tool
def protected_tool(message: str) -> str:
"""This tool requires authentication."""
return f"Authenticated user says: {message}"

if __name__ == "__main__":
mcp.run(transport="http", port=8000)
```

## Testing

### Running the Server

Start your FastMCP server with HTTP transport to enable OAuth flows:

```bash
fastmcp run server.py --transport http --port 8000
```

Your server is now running and protected by Supabase authentication.

### Testing with a Client

Create a test client that authenticates with your Supabase-protected server:

```python client.py
from fastmcp import Client
import asyncio

async def main():
# The client will automatically handle Supabase OAuth
async with Client("http://localhost:8000/mcp", auth="oauth") as client:
# First-time connection will open Supabase login in your browser
print("✓ Authenticated with Supabase!")

# Test the protected tool
result = await client.call_tool("protected_tool", {"message": "Hello!"})
print(result)

if __name__ == "__main__":
asyncio.run(main())
```
Comment on lines +70 to +86
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# Find Client class definition
find . -type f -name "*.py" | xargs grep -l "class Client"

Repository: jlowin/fastmcp

Length of output: 227

🏁 Script executed:

# Search for auth parameter usage in Client initialization
rg "Client.*auth" --type py -A 3 -B 3

Repository: jlowin/fastmcp

Length of output: 6297

🏁 Script executed:

# Look for existing MDX examples showing error handling
find docs -name "*.mdx" -exec grep -l "try:" {} \;

Repository: jlowin/fastmcp

Length of output: 189

🏁 Script executed:

# Check for exception types in fastmcp
rg "class.*Error|class.*Exception" --type py

Repository: jlowin/fastmcp

Length of output: 968

🏁 Script executed:

# Examine Client class definition
head -100 src/fastmcp/client/client.py

Repository: jlowin/fastmcp

Length of output: 2656

🏁 Script executed:

# Look at one complete auth example to see error handling pattern
cat examples/auth/github_oauth/client.py

Repository: jlowin/fastmcp

Length of output: 844

🏁 Script executed:

# Check what exceptions can be raised during Client operations
cat src/fastmcp/exceptions.py

Repository: jlowin/fastmcp

Length of output: 801

🏁 Script executed:

# Verify the specific supabase.mdx file to see full context
sed -n '54,92p' docs/integrations/supabase.mdx

Repository: jlowin/fastmcp

Length of output: 1158

Add error handling to the client code example.

The code example shows only the successful OAuth flow but lacks error handling for authentication failures (denied authorization, network errors, token exchange failures). All official fastmcp auth examples wrap the Client initialization in try/except blocks. Add error handling to match the established pattern:

async def main():
    try:
        async with Client("http://localhost:8000/mcp", auth="oauth") as client:
            print("✓ Authenticated with Supabase!")
            result = await client.call_tool("protected_tool", {"message": "Hello!"})
            print(result)
    except Exception as e:
        print(f"✗ Authentication failed: {e}")
        raise
🤖 Prompt for AI Agents 
In docs/integrations/supabase.mdx around lines 70 to 86, the example client code
lacks error handling for OAuth failures (denied auth, network/token errors);
wrap the async Client usage in a try/except block that logs/prints a clear
authentication failure message including the exception and re-raises (or exits)
so examples match the project's established pattern for auth examples.


When you run the client for the first time:
1. Your browser will open to Supabase's authorization page
2. After you authorize, you'll be redirected back
3. The client receives the token and can make authenticated requests

## Environment Variables

For production deployments, use environment variables instead of hardcoding credentials.

### Provider Selection

Setting this environment variable allows the Supabase provider to be used automatically without explicitly instantiating it in code.

<Card>
<ParamField path="FASTMCP_SERVER_AUTH" default="Not set">
Set to `fastmcp.server.auth.providers.supabase.SupabaseProvider` to use Supabase authentication.
</ParamField>
</Card>

### Supabase-Specific Configuration

These environment variables provide default values for the Supabase provider, whether it's instantiated manually or configured via `FASTMCP_SERVER_AUTH`.

<Card>
<ParamField path="FASTMCP_SERVER_AUTH_SUPABASE_PROJECT_URL" required>
Your Supabase project URL (e.g., `https://abc123.supabase.co`)
</ParamField>

<ParamField path="FASTMCP_SERVER_AUTH_SUPABASE_BASE_URL" required>
Public URL of your FastMCP server (e.g., `https://your-server.com` or `http://localhost:8000` for development)
</ParamField>

<ParamField path="FASTMCP_SERVER_AUTH_SUPABASE_REQUIRED_SCOPES" default="[]">
Comma-, space-, or JSON-separated list of required OAuth scopes (e.g., `openid email` or `["openid", "email"]`)
</ParamField>
</Card>

Example `.env` file:
```bash
# Use the Supabase provider
FASTMCP_SERVER_AUTH=fastmcp.server.auth.providers.supabase.SupabaseProvider

# Supabase configuration
FASTMCP_SERVER_AUTH_SUPABASE_PROJECT_URL=https://abc123.supabase.co
FASTMCP_SERVER_AUTH_SUPABASE_BASE_URL=https://your-server.com
FASTMCP_SERVER_AUTH_SUPABASE_REQUIRED_SCOPES=openid,email
```

With environment variables set, your server code simplifies to:

```python server.py
from fastmcp import FastMCP

# Authentication is automatically configured from environment
mcp = FastMCP(name="Supabase Protected Server")
```
Loading