Custom Access Tokens for MCP
We are thinking of building an agent that searches through our DB through the Supabase MCP to do data analysis for our customers. Since it's customer-facing we want to enable RLS or read controls on what data it can read. I noticed that Supabase does not offer custom access tokens or restricting view privileges right now. Just wondering if this is in the works or any workarounds we can do?
Thank you!!!
4 Replies
Was thinking, can we pass in a JWT token with the MCP request and use RLS on it?
I've not seen MCP used as a direct interface for user access. Supabase's use of RLS depends on the PostgREST REST API to take a JWT and set Postgres config variables to the role, user id, etc. that can then be read in policies. MCP allows direct SQL access, so just adding a JWT to it would not do much.
So like supabase is not considering adding customizable auth or JWT to MCP calls in the near future?
I see
Yeah, I was thinking more of establishing the MCP connection with role, user id through REST API? Is that possible with Supabase MCP?
I have no idea what their plan is for MCP. Is there even a concept for MCPs to have custom tokens for different users using the MCP?
The repository is here https://github.com/supabase-community/supabase-mcp if you want to see what is going on or suggest a feature.
Seems like you want to just use server side code to do searches on data where you control what the user gets either in your code (and use SQL or service_role) or just do REST API requests for what you want.
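Added example, not part of the thread or of Supabase's code: the mechanism described above, shown as the SQL a REST-style request effectively runs next to what a direct SQL connection runs. The table, policy name and UUIDs are constructed for illustration, and the `authenticated` role is assumed to exist as it does in a Supabase project.

```sql
-- Constructed schema: table, policy and UUIDs are illustrative only.
create table customer_metrics (
  id          bigint generated always as identity primary key,
  customer_id uuid    not null,
  metric      text    not null,
  value       numeric not null
);
alter table customer_metrics enable row level security;

-- The policy reads the JWT claims that the API layer stored in a
-- Postgres config variable for the current transaction.
create policy customer_reads_own_rows on customer_metrics
  for select to authenticated
  using (
    customer_id =
      (current_setting('request.jwt.claims', true)::json ->> 'sub')::uuid
  );
grant select on customer_metrics to authenticated;

insert into customer_metrics (customer_id, metric, value) values
  ('11111111-1111-1111-1111-111111111111', 'orders', 42),
  ('22222222-2222-2222-2222-222222222222', 'orders', 7);

-- 1) REST path: after verifying the JWT, the API layer switches role and
--    publishes the claims for this transaction only. The policy then
--    filters the query to rows whose customer_id equals the "sub" claim.
begin;
  set local role authenticated;
  select set_config(
    'request.jwt.claims',
    '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}',
    true);
  select metric, value from customer_metrics;
commit;

-- 2) Direct SQL connection (no role switch, no claims): the table owner
--    and any role with BYPASSRLS are not subject to the policy, so the
--    same query is unfiltered.
select metric, value from customer_metrics;

-- Caveat: SQL executed inside block 1 can itself call set_config() or
-- RESET ROLE, so this wrapper only constrains queries your server code
-- writes, not arbitrary SQL produced by an agent.
```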