MastraAuthSupabase Class
The MastraAuthSupabase class provides authentication for Mastra using Supabase Auth. It verifies incoming requests using Supabase’s authentication system and integrates with the Mastra server using the experimental_auth option.
Prerequisites
This example uses Supabase Auth. Make sure to add your Supabase credentials to your .env file and ensure your Supabase project is properly configured.
SUPABASE_URL=https://your-project.supabase.co
SUPABASE_ANON_KEY=your-anon-key
Note: Review your Supabase Row Level Security (RLS) settings to ensure proper data access controls.
Installation
Before you can use the MastraAuthSupabase class you have to install the @mastra/auth-supabase package.
npm install @mastra/auth-supabase@latest
Usage example
import { Mastra } from "@mastra/core/mastra";
import { MastraAuthSupabase } from '@mastra/auth-supabase';

export const mastra = new Mastra({
  // ..
  server: {
    experimental_auth: new MastraAuthSupabase({
      url: process.env.SUPABASE_URL,
      anonKey: process.env.SUPABASE_ANON_KEY
    }),
  },
});
Note: The default authorizeUser method checks the isAdmin column in the users table in the public schema. To customize user authorization, provide a custom authorizeUser function when constructing the provider.
See the MastraAuthSupabase API reference for all available configuration options.
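A custom authorizeUser policy, as an added example that is not part of the Mastra documentation or code base. It assumes the callback receives the Supabase User object for the verified token and returns a boolean; the role names and the roles claim in app_metadata are hypothetical.

```javascript
// Added example. Assumption: authorizeUser is called with the Supabase User
// object resolved from the verified access token and returns true or false.
const ALLOWED_ROLES = new Set(["agent-user", "admin"]); // hypothetical role names

function authorizeUser(user) {
  // Fail closed on anything that is not a well-formed user object.
  if (!user || typeof user.id !== "string" || user.id.length === 0) return false;

  // Policy choice for this example: unconfirmed e-mail addresses are rejected.
  if (!user.email_confirmed_at) return false;

  // Read roles from app_metadata only. user_metadata can be changed by the
  // signed-in user, so it must never feed an authorization decision.
  const roles = user.app_metadata?.roles; // hypothetical custom claim
  if (!Array.isArray(roles)) return false;
  return roles.some((role) => typeof role === "string" && ALLOWED_ROLES.has(role));
}

// Constructed sample users (not real accounts).
const sampleUsers = {
  allowed: {
    id: "11111111-1111-4111-8111-111111111111",
    email_confirmed_at: "2025-01-01T00:00:00Z",
    app_metadata: { roles: ["agent-user"] },
    user_metadata: {},
  },
  selfDeclaredAdmin: {
    id: "22222222-2222-4222-8222-222222222222",
    email_confirmed_at: "2025-01-01T00:00:00Z",
    app_metadata: {},
    user_metadata: { roles: ["admin"] }, // set by the user; ignored
  },
  unconfirmed: {
    id: "33333333-3333-4333-8333-333333333333",
    email_confirmed_at: null,
    app_metadata: { roles: ["admin"] },
    user_metadata: {},
  },
};

// Wiring, with the option names used on this page:
// new MastraAuthSupabase({ url, anonKey, authorizeUser })
for (const [name, user] of Object.entries(sampleUsers)) {
  console.log(name, authorizeUser(user));
}
```

Only the first sample user is authorized; the other two are rejected because the role sits in user_metadata or the e-mail address is unconfirmed.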
Client-side setup
When using Supabase auth, you’ll need to retrieve the access token from Supabase on the client side and pass it to your Mastra requests.
Retrieving the access token
Use the Supabase client to authenticate users and retrieve their access token:
import { createClient } from "@supabase/supabase-js";

const supabase = createClient("<supabase-url>", "<supabase-key>");

const authTokenResponse = await supabase.auth.signInWithPassword({
  email: "<user's email>",
  password: "<user's password>",
});

const accessToken = authTokenResponse.data?.session?.access_token;
Refer to the Supabase documentation for other authentication methods like OAuth, magic links, and more.
Configuring MastraClient
When experimental_auth is enabled, all requests made with MastraClient must include a valid Supabase access token in the Authorization header:
import { MastraClient } from "@mastra/client-js";

export const mastraClient = new MastraClient({
  baseUrl: "https://<mastra-api-url>",
  headers: {
    Authorization: `Bearer ${accessToken}`
  }
});
Note: The access token must be prefixed with Bearer in the Authorization header.
See Mastra Client SDK for more configuration options.
Making authenticated requests
Once MastraClient is configured with the Supabase access token, you can send authenticated requests:
import { mastraClient } from "../../lib/mastra-client";

export const TestAgent = () => {
  async function handleClick() {
    const agent = mastraClient.getAgent("weatherAgent");

    const response = await agent.generate({
      messages: "What's the weather like in New York"
    });

    console.log(response);
  }

  return <button onClick={handleClick}>Test Agent</button>;
};