You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: installation/authentication-setup.mdx
+22-1Lines changed: 22 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -30,7 +30,28 @@ The PowerSync client SDK uses the retrieved JWT to authenticate directly against
30
30
31
31
Users are not persisted in PowerSync, and there is no server-to-server communication used for client authentication.
32
32
33
-
Some authentication providers already generate JWTs for users which PowerSync can verify directly — see the documentation for individual providers (e.g. [Supabase Auth](/installation/authentication-setup/supabase-auth), [Firebase Auth](/installation/authentication-setup/firebase-auth))
33
+
## Common Authentication Providers
34
+
35
+
PowerSync supports JWT-based authentication from various providers. The table below shows commonly used authentication providers, their JWKS URLs, and any specific configuration requirements.
|**Clerk**|`https://{yourClerkDomain}/.well-known/jwks.json`|Additional configuration may be required |[Clerk Documentation](https://clerk.com/docs/backend-requests/making/jwt-templates#create-a-jwt-template)|
43
+
|**Stytch**|`https://{live_or_test}.stytch.com/v1/sessions/jwks/{project-id}`| Additional configuration may be required |[Stytch Documentation](https://stytch.com/docs/api/jwks-get)|
44
+
|**Keycloak**|`https://{your-keycloak-domain}/auth/realms/{realm-name}/protocol/openid-connect/certs`| Additional configuration may be required |[Keycloak Documentation](https://documentation.cloud-iam.com/how-to-guides/configure-remote-jkws.html)|
45
+
|**Amazon Cognito**|`https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json`| Additional configuration may be required |[Cognito Documentation](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html)|
46
+
|**Azure AD**|`https://login.microsoftonline.com/{tenantId}/discovery/v2.0/keys`| Additional configuration may be required |[Azure AD Documentation](https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens)|
47
+
|**Google Identity**|`https://www.googleapis.com/oauth2/v3/certs`| Additional configuration may be required |[Google Identity Documentation](https://developers.google.com/identity/openid-connect/openid-connect#discovery)|
48
+
|**SuperTokens**|`https://{YOUR_SUPER_TOKENS_CORE_CONNECTION_URI}/.well-known/jwks.json`| Additional configuration may be required |[SuperTokens Documentation](https://supertokens.com/docs/quickstart/integrations/aws-lambda/session-verification/using-jwt-authorizer)|
49
+
|**WorkOS**|`https://api.workos.com/sso/jwks/{YOUR_CLIENT_ID}`| Additional configuration may be required |[WorkOS Documentation](https://workos.com/docs/reference/user-management/session-tokens/jwks)|
50
+
|**Custom JWT**| Your own JWKS endpoint | See custom auth requirements |[Custom Auth Setup](/installation/authentication-setup/custom)|
51
+
52
+
## Authentication Options
53
+
54
+
Some authentication providers already generate JWTs for users which PowerSync can verify directly — see the documentation for individual providers (e.g. [Supabase Auth](/installation/authentication-setup/supabase-auth), [Firebase Auth](/installation/authentication-setup/firebase-auth)).
34
55
35
56
For others, some backend code must be added to your application backend to generate the JWTs needed for PowerSync — see [Custom](/installation/authentication-setup/custom) authentication.
0 commit comments