Building Supabase-Like Oauth Authentication for Mcp Servers

Posted4 months agoActive4 months ago

pmig

34 points

3 comments

hyprmcp.comTechstory

supportivepositive

Debate

10/100

OauthMcp ServersAuthenticationSecurity

Key topics

Oauth

Mcp Servers

Authentication

Security

The post discusses building Supabase-like OAuth authentication for MCP servers, and the discussion revolves around the usefulness and clarity of the blog post.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

21h

Peak period

20-22h

Avg / period

Key moments

01Story posted
Sep 4, 2025 at 9:18 AM EDT
4 months ago
Step 01
02First comment
Sep 5, 2025 at 6:38 AM EDT
21h after posting
Step 02
03Peak activity
3 comments in 20-22h
Hottest window of the conversation
Step 03
04Latest activity
Sep 5, 2025 at 6:51 AM EDT
4 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (3 comments)

Showing 3 comments

mooreds

4 months ago

1 reply

Disclosure, I work for an auth provider (details in profile).

This was a great read. Very straightforward, explaining how to layer on all the functionality that is optional for an OAuth2 server but required by MCP[0]. I also liked the test MCP server[1] they provide, which will be useful for anyone else running an MCP gateway. I also liked the real world lessons toward the end, including the public/private client note.

They omitted some commercial OAuth servers out there with MCP support. Not sure if that was intentional or not. I'm aware of Stytch and WorkOS, but there may be others.

I had a question for the greater HN community, though. How many of you are using MCP with OAuth authentication for production use cases? Not MCP with OAuth for exploration or MCP without OAuth or MCP over stdio.

I've been looking to talk to folks about this tech and having a hard time finding them. I'm not sure if it is because I'm talking to the wrong people, asking the wrong questions, if MCP is in early days, or if MCP is a fad. (I don't think the last one is the case given the activity in the spec and the discord listed on the communication page[2], but include it for completeness.)

If you are actively working on MCP with OAuth in production contexts, would love to learn more about where you're hanging out.

0: https://modelcontextprotocol.io/specification/2025-06-18/bas...

1: https://github.com/hyprmcp/mcp-who-am-i/

2: https://modelcontextprotocol.io/community/communication

pmigAuthor

4 months ago

Thanks for the feedback - highly appreciated, I'll reach out on LinkedIn, although we are trying to talk to the same happy folks, I am happy to exchang notes.

pmigAuthor

4 months ago

Hi HN, I am one of the developers behind the hyprmcp gateway, we summarized all our learnings regarding MCP authentication in this blog post. I am happy to answer related questions here.

View full discussion on Hacker News

ID: 45126950Type: storyLast synced: 11/20/2025, 8:37:21 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN