Authentication Setup
PowerSync clients (i.e. apps used by your users that embed the PowerSync Client SDK) authenticate against the server-side PowerSync Service using JWTs (signed tokens) that are generated by your application backend.
Before using PowerSync, an application’s existing architecture may look like this:
The PowerSync Service uses database native credentials and authenticates directly against the backend database using the configured credentials:
When the PowerSync client SDK is included in an app project, it uses existing app-to-backend authentication to retrieve a JSON Web Token (JWT):
The PowerSync client SDK uses the retrieved JWT to authenticate directly against the PowerSync Service:
Users are not persisted in PowerSync, and there is no server-to-server communication used for client authentication.
Some authentication providers already generate JWTs for users which PowerSync can verify directly — see the documentation for individual providers (e.g. Supabase Auth, Firebase Auth)
For others, some backend code must be added to your application backend to generate the JWTs needed for PowerSync — see Custom authentication.
For a quick way to get up and running during development, you can generate Development Tokens directly from the PowerSync Dashboard (PowerSync Cloud) or locally with a self-hosted setup.
Was this page helpful?