Supabase Authentication in Mastra

Trust: ★★★☆☆ (0.90) · 0 validations · developer_reference

Published: 2026-05-10 · Source: crawler_authoritative

Situation

Configuration guide for using Supabase Auth with a Mastra server to verify incoming requests using the @mastra/auth-supabase package.

Insight

The @mastra/auth-supabase package provides authentication for Mastra using Supabase Auth. The MastraAuthSupabase class is configured via the auth option on the server config. Required environment variables are SUPABASE_URL and SUPABASE_ANON_KEY. The default authorizeUser method checks the isAdmin column in the users table in the public schema. Custom authorization can be implemented by providing a custom authorizeUser function. Supabase Row Level Security (RLS) settings must be reviewed for proper data access controls.

Action

Install the package using npm install @mastra/auth-supabase@latest, pnpm add @mastra/auth-supabase@latest, yarn add @mastra/auth-supabase@latest, or bun add @mastra/auth-supabase@latest. Configure MastraAuthSupabase in your Mastra config with the url and anonKey options from your .env file. On the client side, use the Supabase client to authenticate users via signInWithPassword or other methods, then extract the access_token from the session. Pass the access token to MastraClient in the Authorization header prefixed with ‘Bearer’. All authenticated requests must include this token.

Result

Mastra verifies incoming requests using Supabase’s authentication system, enabling secure access-controlled interactions with agents and other server resources.

Applicability conditions

Requires the @mastra/auth-supabase package to be installed. The Supabase project must be properly configured with a users table.


Original content

Supabase

The @mastra/auth-supabase package provides authentication for Mastra using Supabase Auth. It verifies incoming requests using Supabase’s authentication system and integrates with the Mastra server using the auth option.

Prerequisites

This example uses Supabase Auth. Make sure to add your Supabase credentials to your .env file and ensure your Supabase project is properly configured.

SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=your-anon-key

Note: Review your Supabase Row Level Security (RLS) settings to ensure proper data access controls.

Installation

Before you can use the MastraAuthSupabase class you have to install the @mastra/auth-supabase package.

npm:

npm install @mastra/auth-supabase@latest

pnpm:

pnpm add @mastra/auth-supabase@latest

Yarn:

yarn add @mastra/auth-supabase@latest

Bun:

bun add @mastra/auth-supabase@latest

Usage example

import { Mastra } from '@mastra/core'
import { MastraAuthSupabase } from '@mastra/auth-supabase'
 
export const mastra = new Mastra({
  server: {
    auth: new MastraAuthSupabase({
      url: process.env.SUPABASE_URL,
      anonKey: process.env.SUPABASE_ANON_KEY,
    }),
  },
})

Info: The default authorizeUser method checks the isAdmin column in the users table in the public schema. To customize user authorization, provide a custom authorizeUser function when constructing the provider.

Visit MastraAuthSupabase for all available configuration options.
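
A custom authorizeUser that replaces the default isAdmin lookup, given here as an added example rather than code from the Mastra docs. It assumes the function receives the authenticated Supabase user object and returns true to allow the request; the role names and the app_metadata.role field are hypothetical.

```javascript
// Added example (not Mastra's code). Assumption: authorizeUser is called with
// the authenticated Supabase user object and returns true to allow the request.
// It would be supplied as: new MastraAuthSupabase({ url, anonKey, authorizeUser })
const ALLOWED_ROLES = new Set(['agent_operator', 'admin']) // hypothetical role names

function authorizeUser(user) {
  // Deny by default: a missing or malformed user is a rejection.
  if (!user || typeof user.id !== 'string') return false
  // Require a confirmed e-mail so unverified sign-ups cannot call agents.
  if (!user.email_confirmed_at) return false
  // app_metadata is written only with server-side (service role) credentials.
  // user_metadata is editable by the signed-in user, so it must never gate access.
  const role = user.app_metadata?.role
  return typeof role === 'string' && ALLOWED_ROLES.has(role)
}

// Constructed sample users, shaped like Supabase user objects.
const SAMPLE_USERS = {
  operator: {
    id: 'constructed-user-1',
    email_confirmed_at: '2026-01-01T00:00:00Z',
    app_metadata: { provider: 'email', role: 'agent_operator' },
    user_metadata: {},
  },
  // Claims the role only in user_metadata, which the user controls.
  selfPromoted: {
    id: 'constructed-user-2',
    email_confirmed_at: '2026-01-01T00:00:00Z',
    app_metadata: { provider: 'email' },
    user_metadata: { role: 'admin' },
  },
  // Has the role but never confirmed the e-mail address.
  unconfirmed: {
    id: 'constructed-user-3',
    email_confirmed_at: null,
    app_metadata: { provider: 'email', role: 'admin' },
    user_metadata: {},
  },
}

for (const [name, user] of Object.entries(SAMPLE_USERS)) {
  console.log(name, authorizeUser(user) ? 'allowed' : 'denied')
}
```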

Client-side setup

When using Supabase auth, you’ll need to retrieve the access token from Supabase on the client side and pass it to your Mastra requests.

Retrieving the access token

Use the Supabase client to authenticate users and retrieve their access token:

import { createClient } from '@supabase/supabase-js'
 
const supabase = createClient('<supabase-url>', '<supabase-key>')
 
const authTokenResponse = await supabase.auth.signInWithPassword({
  email: "<user's email>",
  password: "<user's password>",
})
 
const accessToken = authTokenResponse.data?.session?.access_token

Note: Refer to the Supabase documentation for other authentication methods like OAuth, magic links, and more.

Configuring MastraClient

When auth is enabled, all requests made with MastraClient must include a valid Supabase access token in the Authorization header:

import { MastraClient } from '@mastra/client-js'
 
export const mastraClient = new MastraClient({
  baseUrl: 'https://<mastra-api-url>',
  headers: {
    Authorization: `Bearer ${accessToken}`,
  },
})

Info: The access token must be prefixed with Bearer in the Authorization header.

Visit Mastra Client SDK for more configuration options.
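
The snippets above assume sign-in succeeded; when it does not, accessToken is undefined and the header becomes the literal string "Bearer undefined". The following added example (not from the Mastra or Supabase docs) builds the header only from a usable session; the helper names and the 30-second margin are assumptions.

```javascript
// Decode the JWT payload (middle segment, base64url). This does NOT verify the
// signature; it is only a client-side freshness check. The server verifies.
function decodeJwtPayload(token) {
  const parts = String(token).split('.')
  if (parts.length !== 3) throw new Error('access token is not a JWT')
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/')
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4)
  return JSON.parse(atob(padded))
}

// `result` has the shape returned by supabase.auth.signInWithPassword():
// { data: { session }, error }. `skewSeconds` is a hypothetical safety margin.
function authHeadersFromSignIn(
  result,
  nowSeconds = Math.floor(Date.now() / 1000),
  skewSeconds = 30,
) {
  if (result?.error) throw new Error(`sign-in failed: ${result.error.message}`)
  const token = result?.data?.session?.access_token
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('no session returned; refusing to send "Bearer undefined"')
  }
  const { exp } = decodeJwtPayload(token)
  if (typeof exp !== 'number' || exp - skewSeconds <= nowSeconds) {
    throw new Error('access token expired or about to expire; refresh the session')
  }
  return { Authorization: `Bearer ${token}` }
}

// Constructed, unsigned sample token for illustration only.
function makeSampleToken(exp) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '')
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'user-1', exp })}.constructed`
}

const now = 1700000000 // constructed "current time" in Unix seconds
const good = { data: { session: { access_token: makeSampleToken(now + 3600) } }, error: null }
console.log(authHeadersFromSignIn(good, now).Authorization.slice(0, 17) + '...')
```

Pass the returned object as the headers option of MastraClient, and rebuild it whenever the Supabase session is refreshed.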

Making authenticated requests

Once MastraClient is configured with the Supabase access token, you can send authenticated requests:

React:

import { mastraClient } from '../../lib/mastra-client'
 
export const TestAgent = () => {
  async function handleClick() {
    const agent = mastraClient.getAgent('weatherAgent')
 
    const response = await agent.generate("What's the weather like in New York")
 
    console.log(response)
  }
 
  return <button onClick={handleClick}>Test Agent</button>
}

cURL:

curl -X POST http://localhost:4111/api/agents/weatherAgent/generate \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <your-supabase-access-token>" \
  -d '{
    "messages": "Weather in London"
  }'
