Supabase Auth

hybrid | Free up to 50k MAU | $25/mo Pro | Custom Enterprise | open source

Best for

AI apps built on the Supabase BaaS stack; projects that need auth + database + storage in one platform

Limitations

Auth is tightly coupled to Supabase's ecosystem; no token delegation, no FGA, no agent SDK; auth is secondary to the BaaS offering

Features

Agent SDK
Dedicated SDK for agentic workflows — agent sessions, token lifecycle, and authorization requests
Token Delegation
Issue scoped tokens an agent can use downstream without exposing user credentials
Human In The Loop
Pause agent execution and require explicit user approval before proceeding
FGA
Fine-Grained Authorization — relationship-based or attribute-based access control, not just role-based
MCP Support
Unverified — check source_urls
Async Authorization
Non-blocking approval workflows — agent continues and gets notified when approval is granted

Frameworks

langchain, vercel-ai

SDK Languages

javascript, typescript, python, dart, swift, kotlin

Compliance

soc2, gdpr, hipaa

Supabase Auth

Supabase Auth is built on GoTrue and is part of the broader Supabase Backend-as-a-Service platform. It's widely used in the AI app development community because Supabase has become the dominant BaaS for rapid AI app prototyping — the vector store, database, and auth all in one.

The auth module supports standard flows: OAuth providers, magic links, OTP, and password auth. Row-level security (RLS) in Postgres can enforce fine-grained data access rules based on the authenticated user.

For agent-specific authorization, Supabase's limitations are similar to Firebase: no token delegation, no purpose-built agent SDK, and no human-in-the-loop capabilities. The RLS model provides database-level authorization, but that's different from the agent authorization patterns (async approval, scoped delegation) that complex agents require.

Agent-specific features:

  • JWT-based session tokens for authenticating agent requests
  • Row-level security for database authorization
  • Service role key for backend/agent-to-database access (this key bypasses RLS, so it belongs only in trusted server-side code)
  • Can self-host for data sovereignty requirements

Last verified: 2026-04-17
Verified by: editorial