anomalyco
Supabase MCP
Question
I'm trying to setup a remote project-scoped supabase mcp. Whichever method I try (oauth or bearer api key), the debug output is allways the same. opencode.json is in my project root, I tried both loading the api key from env and hardcoding it.
Here's the debug output.
┌ MCP OAuth Debug
│
● Server: supabase
│
● URL: https://mcp.supabase.com/mcp?project_ref=[redacted]
│
● Auth status: ○ not authenticated
│
◇ HTTP response: 401 Unauthorized
│
● WWW-Authenticate: Bearer error="invalid_request", error_description="No access token was provided in this request", resource_metadata="https://mcp.supabase.com/.well-known/oauth-protected-resource/mcp?project_ref=[redacted]"
│
▲ Server returned 401 Unauthorized
│
● Testing OAuth flow (without completing authorization)...
│
■ Connection error: Dynamic client registration failed: HTTP 404
│
└ Debug complete```
Is it even possible to use the supabase mcp, or am I doing something wrong?
I think you need to setup supabase auth (or something like that) first to connect an mcp client.
Edit:
Did you try this?
https://supabase.com/docs/guides/auth/oauth-server/mcp-authentication#prerequisites
No, I think it's for connecting mcp to an app (correct me if I'm wrong), I just need it for local development.
I have no trouble adding it to Claude Code (oauth) or Kilo (access token).
Edit:
I tried adding another mcp that doesn't require auth (svelte) with the opencode mcp add command. Here's the output:
┌ Add MCP server
│
◇ Enter MCP server name
│ svelte
│
◇ Select MCP server type
│ Remote
│
◇ Enter MCP server URL
│ https://mcp.svelte.dev/mcp
│
◇ Does this server require OAuth authentication?
│ No
│
● Remote MCP server "svelte" configured with URL: https://mcp.svelte.dev/mcp
│
└ MCP server added successfully
Then, running opencode mcp list gives this:
┌ MCP Servers
│
▲ No MCP servers configured
│
└ Add servers with: opencode mcp add
Bug, or silly me?
Following, facing the same issue since last night.
Here's my opencode.json:
{
"$schema": "https://opencode.ai/config.json",
"provider": {
"myprovider": {
"npm": "@ai-sdk/openai-compatible",
"name": "PrimeIntellect",
"options": {
"baseURL": "https://api.pinference.ai/api/v1",
"apiKey": "{env:PRIME_API_KEY}"
},
"models": {
"google/gemini-3-flash-preview": {
"name": "Gemini 3 Flash Preview"
},
"google/gemini-3-pro-preview": {
"name": "Gemini 3 Pro Preview"
},
"openai/gpt-5.2": {
"name": "GPT 5.2"
},
"anthropic/claude-sonnet-4.5": {
"name": "Claude Sonnet 4.5"
},
"anthropic/claude-opus-4.5": {
"name": "Claude Opus 4.5"
}
}
}
},
"mcp": {
"playwright": {
"type": "local",
"command": [
"npx",
"@playwright/mcp@latest"
],
"enabled": true
},
"supabase": {
"type": "remote",
"url": "https://mcp.supabase.com/mcp?project_ref=voplznrezagtsebsfswl",
"enabled": true,
"oauth": {}
}
}
}
Here is the output of: opencode mcp debug supabase
❯ opencode mcp debug supabase
┌ MCP OAuth Debug
│
● Server: supabase
│
● URL: https://mcp.supabase.com/mcp?project_ref=voplznrezagtsebsfswl
│
● Auth status: ○ not authenticated
│
◇ HTTP response: 401 Unauthorized
│
● WWW-Authenticate: Bearer error="invalid_request", error_description="No access token was provided in this request", resource_metadata="https://mcp.supabase.com/.well-known/oauth-protected-resource/mcp?project_ref=voplznrezagtsebsfswl"
│
▲ Server returned 401 Unauthorized
│
● Testing OAuth flow (without completing authorization)...
│
■ Connection error: Dynamic client registration failed: HTTP 404
│
└ Debug complete
Can u show ur opencode.json?
@rekram1-node I made a new folder when i tested with mcp add, there was no json there after the success message.
I added svelte manually to the original folder json, it works now, but supa - no luck.
{
"$schema": "https://opencode.ai/config.json",
"mcp": {
"supabase": {
"type": "remote",
"url": "https://mcp.supabase.com/mcp?project_ref=[project]",
"oauth": {},
/*
"headers": {
"Authorization": "Bearer {env:SUPABASE_ACCESS_TOKEN}",
},
*/
"enabled": true
},
"svelte": {
"type": "remote",
"url": "https://mcp.svelte.dev/mcp",
"enabled": true,
},
},
}
Following, facing the same issue since last night.
@lakshyaag My debug outputs started giving me time out after 5s messages occasionally.
I somehow managed to connect the supabase mcp server with this config:
"mcp": {
"supabase": {
"type": "remote",
"url": "https://mcp.supabase.com/mcp?project_ref=<YOUR-PROJET-REF>",
"oauth": {},
"headers": {
"Authorization": "Bearer <YOUR_sbp_token>",
},
"enabled": true
}
}
I create the token here: https://supabase.com/dashboard/account/tokens
I somehow managed to connect the supabase mcp server with this config:
"mcp": { "supabase": { "type": "remote", "url": "https://mcp.supabase.com/mcp?project_ref=<YOUR-PROJET-REF>", "oauth": {}, "headers": { "Authorization": "Bearer <YOUR_sbp_token>", }, "enabled": true } }I create the token here: https://supabase.com/dashboard/account/tokens
This does not work for me - i get
WWW-Authenticate: Bearer error="invalid_request", error_description="No access token was provided in this request", resource_metadata="https://mcp.supabase.com/.well-known/oauth-protected-resource/mcp"
even though the token is clearly there.
@cravenceiling Yeah, it connects today with the token, yesterday it didn't. Nevertheless, the debug output remains the same as yesterday, with an addition of a Client ID.
┌ MCP OAuth Debug
│
● Server: supabase
│
● URL: https://mcp.supabase.com/mcp?project_ref=[project]
│
● Auth status: ○ not authenticated
│
● Client ID: [some uuid]
│
◇ HTTP response: 401 Unauthorized
│
● WWW-Authenticate: Bearer error="invalid_request", error_description="No access token was provided in this request", resource_metadata="https://mcp.supabase.com/.well-known/oauth-protected-resource/mcp?project_ref=[project]"
│
▲ Server returned 401 Unauthorized
│
● Testing OAuth flow (without completing authorization)...
│
■ Connection error: Dynamic client registration failed: HTTP 404
│
└ Debug complete
Edit: MCP connection works in my empty test dir, not in the project folder where I really need it. Go figure...
This works for me (after lots of tries). Please note that this will allow the mcp to have access to ALL projects.
"mcp": {
"supabase": {
"type": "remote",
"url": "https://mcp.supabase.com/mcp",
"headers": {
"Authorization": "Bearer sbp_token"
},
"enabled": true
},
}
This works for me (after lots of tries). Please note that this will allow the mcp to have access to ALL projects.
"mcp": { "supabase": { "type": "remote", "url": "https://mcp.supabase.com/mcp", "headers": { "Authorization": "Bearer sbp_token" }, "enabled": true }, }
This still does not work for me
┌ MCP OAuth Debug
│
● Server: supabase
│
● URL: https://mcp.supabase.com/mcp
│
● Auth status: ○ not authenticated
│
◇ HTTP response: 401 Unauthorized
│
● WWW-Authenticate: Bearer error="invalid_request", error_description="No access token was provided in this request", resource_metadata="https://mcp.supabase.com/.well-known/oauth-protected-resource/mcp"
│
▲ Server returned 401 Unauthorized
│
● Testing OAuth flow (without completing authorization)...
│
■ Connection error: Dynamic client registration failed: HTTP 404
│
└ Debug complete
Having the same issue. Using the token made it work.. but it's a hack.
