diff --git a/apps/x/apps/renderer/src/components/connectors-popover.tsx b/apps/x/apps/renderer/src/components/connectors-popover.tsx
index 78aee6e4..fe1d58ae 100644
--- a/apps/x/apps/renderer/src/components/connectors-popover.tsx
+++ b/apps/x/apps/renderer/src/components/connectors-popover.tsx
@@ -2,7 +2,7 @@
 
 import * as React from "react"
 import { useState, useEffect, useCallback } from "react"
-import { AlertTriangle, Loader2, Mic, Mail, MessageSquare } from "lucide-react"
+import { AlertTriangle, Loader2, Mic, Mail, MessageSquare, User } from "lucide-react"
 
 import {
   Popover,
@@ -505,6 +505,17 @@ export function ConnectorsPopover({ children, tooltip, open: openProp, onOpenCha
             </div>
           ) : (
             <>
+              {/* Rowboat Account */}
+              {providers.includes('rowboat') && (
+                <>
+                  <div className="px-2 py-1.5">
+                    <span className="text-xs font-medium text-muted-foreground">Account</span>
+                  </div>
+                  {renderOAuthProvider('rowboat', 'Rowboat', <User className="size-4" />, 'Connect your Rowboat account')}
+                  <Separator className="my-2" />
+                </>
+              )}
+
               {/* Email & Calendar Section - Google */}
               {providers.includes('google') && (
                 <>
diff --git a/apps/x/packages/core/src/auth/oauth-client.ts b/apps/x/packages/core/src/auth/oauth-client.ts
index 0442d7d6..16648256 100644
--- a/apps/x/packages/core/src/auth/oauth-client.ts
+++ b/apps/x/packages/core/src/auth/oauth-client.ts
@@ -46,13 +46,15 @@ export async function discoverConfiguration(
     console.log(`[OAuth] Using cached configuration for ${issuerUrl}`);
     return cached;
   }
-
   console.log(`[OAuth] Discovering authorization server metadata for ${issuerUrl}...`);
   const config = await client.discovery(
     new URL(issuerUrl),
     clientId,
     undefined, // no client_secret (PKCE flow)
-    client.None() // PKCE doesn't require client authentication
+    client.None(), // PKCE doesn't require client authentication
+    {
+      execute: [client.allowInsecureRequests],
+    }
   );
 
   configCache.set(cacheKey, config);
@@ -110,7 +112,10 @@ export async function registerClient(
       client_name: clientName,
       scope: scopes.join(' '),
     },
-    client.None()
+    client.None(),
+    {
+      execute: [client.allowInsecureRequests],
+    },
   );
 
   const metadata = config.clientMetadata();
diff --git a/apps/x/packages/core/src/auth/providers.ts b/apps/x/packages/core/src/auth/providers.ts
index 02f78fc5..fc3d302b 100644
--- a/apps/x/packages/core/src/auth/providers.ts
+++ b/apps/x/packages/core/src/auth/providers.ts
@@ -1,5 +1,7 @@
 import { z } from 'zod';
 
+const SUPABASE_PROJECT_URL = 'http://127.0.0.1:54321';
+
 /**
  * Discovery configuration - how to get OAuth endpoints
  */
@@ -51,6 +53,20 @@ export type ProviderConfigEntry = ProviderConfig[string];
  * All configured OAuth providers
  */
 const providerConfigs: ProviderConfig = {
+  rowboat: {
+    discovery: {
+      mode: 'issuer',
+      issuer: `${SUPABASE_PROJECT_URL}/.well-known/oauth-authorization-server`,
+    },
+    client: {
+      mode: 'dcr',
+    },
+    scopes: [
+      "openid",
+      "email",
+      "profile",
+    ],
+  },
   google: {
     discovery: {
       mode: 'issuer',