Supabase x mcp-use
Luigi Pederzani
Co-founder
Building MCP Servers on Supabase with mcp-use
We at mcp-use are huge fans of Supabase. We love what they do for the developer community. They were one of the first companies to release an MCP server. Supabase's MCP server is used by many developers today.
This proves that MCP is not just a trend. It solves real problems. It gives real value to people building AI tools.
Supabase is also very involved in open source software. This is a core value we share with them. We believe in building tools that everyone can use and improve. This collaboration feels natural and right.
In this guide, we will show you how to build and deploy an MCP server on Supabase. We will use the mcp-use framework to make this easy. We will also show you how to add authentication to your server using Supabase Auth.
What is mcp-use?
mcp-use is a complete framework for building MCP servers with TypeScript. It builds upon the official Model Context Protocol SDK. We made it to give developers a better experience.
The official SDK is great, but we wanted to add more features. mcp-use supports the Edge Runtime. This means your server can run in places where standard Node.js does not work well. It also supports the ChatGPT Apps SDK. This lets you build apps that work directly with ChatGPT.
We also added support for MCP-UI. This helps you build user interfaces for your MCP tools.
mcp-use supports all official MCP features. We test it rigorously. It achieves a score of 100 out of 100 on the official MCP Conformance Tests. This means you can trust it to work correctly with any MCP client.
We built mcp-use to be the best way to build MCP servers in TypeScript. Whether you are building a simple tool or a complex agent, mcp-use has the features you need.
The Challenge: Node.js vs Edge
Building an MCP server for the edge was not simple. The official MCP SDK for TypeScript uses Express. Express is a very popular web framework for Node.js. It works well in a standard server environment.
However, Supabase Edge Functions run on Deno. Deno is a different runtime for JavaScript and TypeScript. It is designed to be secure and fast. But it does not support all Node.js features out of the box. Express relies on some of these Node.js features. This makes it hard to run the official SDK on Supabase Edge Functions.
We wanted mcp-use to work everywhere. We wanted it to work on your local computer, on a standard server, and on the edge.
To solve this, we made a big change. We made mcp-use use Hono instead of Express for edge and serverless environments. Hono is a web framework designed for the edge. It is very fast and lightweight. It works perfectly in Deno and other edge runtimes.
When you use mcp-use in a full Node.js environment, it can still work like a standard Node app. But when you deploy to Supabase, it automatically uses the Hono adapter. This gives you the best of both worlds. You get the rich features of MCP and the speed and compatibility of the edge.
Deploying on Supabase
Deploying your MCP server to Supabase is straightforward with mcp-use. Supabase Edge Functions provide a great place to host your server. They are fast, scalable, and easy to manage.
For the complete step-by-step guide, see our Supabase deployment documentation.
Here is how the deployment process works.
Setting Up Your Project
First, you need to create your project. We have a tool that sets everything up for you. You can run this command in your terminal:
npx create-mcp-use-app@latest my-supabase-appThis creates a new directory with a basic MCP server. It installs all the dependencies you need.
Next, you need to initialize your Supabase project. You use the Supabase CLI for this. If you do not have it, you can install it easily. Once installed, you run:
supabase initThis sets up the Supabase configuration in your project. Then you link your local project to your Supabase project in the cloud:
supabase link --project-ref YOUR_PROJECT_IDYou can find your project ID in your Supabase dashboard.
Using the Deployment Script
To make deployment even easier, we created an automated script. This script handles all the complex steps for you. It checks if you are logged in. It builds your application. It sets the necessary environment variables. It deploys the function to Supabase.
You can run this script with a single command:
curl -fsSL https://url.mcp-use.com/supabase | bashThis script saves you a lot of time. It ensures that everything is configured correctly. It sets up the MCP_URL and MCP_SERVER_URL variables. These are important for your server to work correctly.
If you prefer to do things manually, you can. You would need to build your project, copy the files to the function directory, set the secrets in Supabase, and then deploy. The script just does all of this for you in one go.
Once deployed, your server is live. You can connect to it from any MCP client. You can use the Supabase URL to access your tools.
Securing Your Server with Supabase Auth
Security is very important. You do not want just anyone to access your MCP server. You want to control who can use your tools.
Supabase provides excellent authentication features. They make it easy to add user login and permission checks. mcp-use integrates directly with Supabase Auth. For the full configuration options, see our Supabase authentication provider documentation.
Supabase has a great philosophy on authentication. They believe you should not build your own auth system from scratch. It is hard to get right. It is easy to make mistakes that leave your system vulnerable. Instead, you should use a trusted provider.
Adding Authentication
With mcp-use, adding Supabase Auth is simple. You do not need to write complex auth logic. You just configure the auth provider in your server setup.
Here is an example of how to do it:
import { McpServer, supabase } from 'mcp-use/server'
const server = new McpServer({
name: 'secure-server',
oauth: supabase({
projectId: process.env.SUPABASE_PROJECT_ID,
})
})That is it. Now your server is protected. It will require a valid token for requests.
If you are using the newer ES256 tokens from Supabase, you do not even need a secret key. The system handles verification automatically using public keys. This is more secure and easier to manage.
If you are using older HS256 tokens, you just provide the JWT secret. The configuration is flexible.
User Context
When a user calls a tool on your server, you often need to know who they are. You might want to limit what they can do based on their role. Or you might want to log who did what.
mcp-use gives you access to the user context. In your tool implementation, you can see the user's details.
server.tool({
name: "get-profile",
cb: async (params, context) => {
const user = context.auth;
return {
content: [{ type: "text", text: `Hello ${user.email}` }]
};
}
})The context.auth object contains information about the authenticated user. You get their ID, email, and roles. This lets you build secure tools that respect user permissions.
For example, you could have a tool that updates a database. You can check if the user has the "admin" role before allowing the update. If not, you return an error. This keeps your data safe.
Why This Matters
Combining MCP with Supabase Auth is powerful. It lets you build enterprise-grade agents. You can deploy these agents in your organization. You can trust that only authorized people can use them.
It also simplifies the developer experience. You use the same Supabase project for your data, your edge functions, and your authentication. Everything is in one place. mcp-use connects the dots.
Conclusion
We are excited about the possibilities of Supabase and MCP. Together, they provide a robust platform for building AI applications.
Supabase gives you a scalable backend and easy deployment. MCP gives you a standard way to connect AI models to your tools. mcp-use brings it all together with a developer-friendly framework.
By using mcp-use on Supabase, you get the best of both worlds. You get a server that runs on the edge and you get easy authentication.
