Supascale
Sign Up

Configuring Providers

Step-by-step guide to configure OAuth providers in Supascale.

This guide walks you through configuring OAuth providers for your Supabase projects in Supascale.

Prerequisites

Before configuring a provider, you need to:

  1. Create an OAuth application in the provider's developer console
  2. Note down the Client ID and Client Secret
  3. Have your Supascale project created and running

Configuration Steps

Step 1: Navigate to Auth Settings

  1. Open your project in Supascale
  2. Go to Settings > Auth Providers
  3. You'll see a grid of available providers

Step 2: Select a Provider

Click on the provider you want to configure. A configuration dialog will appear.

Step 3: Enter Credentials

Fill in the required fields:

  • Client ID: The public identifier for your OAuth app
  • Client Secret: The secret key (never share this publicly)

Some providers require additional configuration:

  • GitLab: Optionally specify your self-hosted GitLab URL
  • Azure AD: Enter your Tenant URL
  • Keycloak: Enter your Realm URL

Step 4: Copy the Redirect URL

The dialog displays the callback URL you need to configure in your provider's developer console:

http://your-domain:PORT/auth/v1/callback

Copy this URL and add it to your OAuth app's authorized redirect URIs.

Step 5: Save and Apply

  1. Click Save to store the configuration
  2. Supascale encrypts and saves your credentials
  3. The project configuration is updated

Important: Your project needs to restart for OAuth changes to take effect. If your project is running, you'll see a warning about this.

Enabling/Disabling Providers

You can enable or disable configured providers without removing the credentials:

  1. Go to Settings > Auth Providers
  2. Click on a configured provider
  3. Toggle the Enabled switch
  4. Save the changes

Removing a Provider

To completely remove a provider:

  1. Go to Settings > Auth Providers
  2. Click on the configured provider
  3. Click Remove Configuration
  4. Confirm the removal

Security Notes

  • Client secrets are encrypted using AES-256 before storage
  • Secrets are masked in the UI (showing only first/last 4 characters)
  • Configuration changes are logged in the activity history
  • Never share your client secrets or commit them to version control

Example: Configuring Google OAuth

  1. Go to Google Cloud Console
  2. Create a new project or select existing
  3. Navigate to APIs & Services > Credentials
  4. Click Create Credentials > OAuth client ID
  5. Select Web application
  6. Add your Supascale callback URL to Authorized redirect URIs
  7. Copy the Client ID and Client Secret
  8. Enter them in Supascale's Google provider configuration
  9. Save and restart your project

Troubleshooting

Provider not working after configuration

  • Ensure your project has restarted
  • Verify the callback URL matches exactly in both Supascale and the provider console
  • Check that the OAuth app is in production mode (not test mode)

Invalid redirect URI error

  • The callback URL in the provider console must match exactly
  • Include the correct port number
  • Ensure no trailing slashes

Authentication fails silently

  • Check the Supabase Auth logs in your project
  • Verify the client secret hasn't been rotated in the provider console