Supabase MCP mit OAuth 2.1

Sichere Methode (empfohlen von Supabase)

1. OAuth Client erstellen

Supabase Dashboard → Authentication → OAuth:

Create new OAuth App
Name: "4115939bdc412c5f7b0c4598fcf29b77"
Redirect URL: http://localhost:3000/auth/callback
Scopes: database:read database:write auth:read auth:write
Client ID und Secret kopieren

2. MCP Konfiguration mit OAuth

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mcp.supabase.com/mcp?project_ref=ekbpexbhuochrplzorce"
      ],
      "env": {
        "SUPABASE_CLIENT_ID": "d69fb339-4514-428e-9c54-2342100ad523",
        "SUPABASE_CLIENT_SECRET": "fdsfTpgnEhYjedv20czYfXo04ai6EqbhIlaal5fVGFk"
      }
    }
  }
}

3. Development Branch verwenden

Für Tests:

Entwicklungs-Branch erstellen
Keine Production-Daten gefährden
Separate Test-Datenbank

4. Sicherheits-Features

{
  "mcpServers": {
    "supabase": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mcp.supabase.com/mcp?project_ref=ekbpexbhuochrplzorce"],
      "env": {
        "SUPABASE_CLIENT_ID": "DEINE_CLIENT_ID",
        "SUPABASE_CLIENT_SECRET": "DEINE_CLIENT_SECRET"
      },
      "logging": {
        "level": "info",
        "file": "mcp-supabase.log"
      },
      "security": {
        "rate_limit": {
          "requests_per_minute": 100
        },
        "allowed_operations": ["read", "write", "schema"]
      }
    }
  }
}

5. Serverseitige Prüfungen

In Windsurf Konfiguration:

{
  "mcpServers": {
    "supabase": {
      "validation": {
        "check_rls_policies": true,
        "validate_schema_changes": true,
        "backup_before_major_changes": true
      }
    }
  }
}

Vorteile dieser Methode:

✅ OAuth 2.1 statt Service Keys ✅ Scoped Permissions (minimal Rechte) ✅ Row Level Security (RLS) respektiert ✅ Development-Branch sicher ✅ Logging und Monitoring ✅ Keine Production-Risiken

2.0 KiB Raw Blame History