> ## Documentation Index
> Fetch the complete documentation index at: https://gofastmcp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# supabase

# `fastmcp.server.auth.providers.supabase`

Supabase authentication provider for FastMCP.

This module provides SupabaseProvider - a complete authentication solution that integrates
with Supabase Auth's JWT verification, supporting Dynamic Client Registration (DCR)
for seamless MCP client authentication.

## Classes

### `SupabaseProvider` <sup><a href="https://github.com/PrefectHQ/fastmcp/blob/main/src/fastmcp/server/auth/providers/supabase.py#L25" target="_blank"><Icon icon="github" style="width: 14px; height: 14px;" /></a></sup>

Supabase metadata provider for DCR (Dynamic Client Registration).

This provider implements Supabase Auth integration using metadata forwarding.
This approach allows Supabase to handle the OAuth flow directly while FastMCP acts
as a resource server, verifying JWTs issued by Supabase Auth.

IMPORTANT SETUP REQUIREMENTS:

1. Supabase Project Setup:
   * Create a Supabase project at [https://supabase.com](https://supabase.com)
   * Note your project URL (e.g., "[https://abc123.supabase.co](https://abc123.supabase.co)")
   * Configure your JWT algorithm in Supabase Auth settings (RS256 or ES256)
   * Asymmetric keys (RS256/ES256) are recommended for production

2. JWT Verification:
   * FastMCP verifies JWTs using the JWKS endpoint at {project_url}{auth_route}/.well-known/jwks.json
   * JWTs are issued by {project_url}{auth_route}
   * Default auth\_route is "/auth/v1" (can be customized for self-hosted setups)
   * Tokens are cached for up to 10 minutes by Supabase's edge servers
   * Algorithm must match your Supabase Auth configuration

3. Authorization:
   * Supabase uses Row Level Security (RLS) policies for database authorization
   * OAuth-level scopes are an upcoming feature in Supabase Auth
   * Both approaches will be supported once scope handling is available

For detailed setup instructions, see:
[https://supabase.com/docs/guides/auth/jwts](https://supabase.com/docs/guides/auth/jwts)

**Methods:**

#### `get_routes` <sup><a href="https://github.com/PrefectHQ/fastmcp/blob/main/src/fastmcp/server/auth/providers/supabase.py#L137" target="_blank"><Icon icon="github" style="width: 14px; height: 14px;" /></a></sup>

```python theme={"theme":{"light":"snazzy-light","dark":"dark-plus"}}
get_routes(self, mcp_path: str | None = None) -> list[Route]
```

Get OAuth routes including Supabase authorization server metadata forwarding.

This returns the standard protected resource routes plus an authorization server
metadata endpoint that forwards Supabase's OAuth metadata to clients.

**Args:**

* `mcp_path`: The path where the MCP endpoint is mounted (e.g., "/mcp")
  This is used to advertise the resource URL in metadata.