Skip to main content
You can implement various types of auth:

Enabling Supabase Auth

To implement either Supabase Auth or Anonymous Sign-Ins, enable the relevant setting on the PowerSync instance, and provide your Supabase JWT Secret. Internally, this setting allows PowerSync to verify and use Supabase JWTs directly using HS256 and the provided secret.

PowerSync Cloud instances:

  1. In the PowerSync Dashboard, select your project and instance and go to the Client Auth view.
  2. Enable the “Use Supabase Auth” checkbox.
  3. Copy your JWT Secret from your Supabase project’s settings (JWT Keys section in the Supabase dashboard).
  4. If your Supabase project uses the legacy JWT signing keys, paste the secret into the “Supabase JWT Secret (optional) Legacy” field. If you’re using Supabase’s new JWT signing keys, you can leave this field empty.
  5. Click Save and Deploy to apply the changes.
PowerSync is compatible with Supabase’s new JWT signing keys. If you’re using the new keys, you don’t need to provide the legacy JWT secret. See this Discord thread for details.

Self-hosted instances:

This can be enabled via your config.yaml: 
client_auth:
  # Enable this if using Supabase Auth*
  supabase: true
  supabase_jwt_secret: your-jwt-secret

Sync Rules

The Supabase user UUID will be available as request.user_id() in Sync Rules. To use a different identifier as the user ID in Sync Rules (for example user email), use Custom authentication.