wire up to local supabase oidc oauth

2026-04-27 09:26:23 +02:00 · 2026-03-06 12:46:33 +05:30 · 2026-03-06 12:46:33 +05:30 · bd6ef0df28
commit bd6ef0df28
parent 0be3e60560
3 changed files with 36 additions and 4 deletions
--- a/apps/x/packages/core/src/auth/oauth-client.ts
+++ b/apps/x/packages/core/src/auth/oauth-client.ts
@ -46,13 +46,15 @@ export async function discoverConfiguration(
    console.log(`[OAuth] Using cached configuration for ${issuerUrl}`);
    return cached;
  }
-
  console.log(`[OAuth] Discovering authorization server metadata for ${issuerUrl}...`);
  const config = await client.discovery(
    new URL(issuerUrl),
    clientId,
    undefined, // no client_secret (PKCE flow)
-    client.None() // PKCE doesn't require client authentication
+    client.None(), // PKCE doesn't require client authentication
+    {
+      execute: [client.allowInsecureRequests],
+    }
  );

  configCache.set(cacheKey, config);
@ -110,7 +112,10 @@ export async function registerClient(
      client_name: clientName,
      scope: scopes.join(' '),
    },
-    client.None()
+    client.None(),
+    {
+      execute: [client.allowInsecureRequests],
+    },
  );

  const metadata = config.clientMetadata();
--- a/apps/x/packages/core/src/auth/providers.ts
+++ b/apps/x/packages/core/src/auth/providers.ts
@ -1,5 +1,7 @@
 import { z } from 'zod';

+const SUPABASE_PROJECT_URL = 'http://127.0.0.1:54321';
+
 /**
 * Discovery configuration - how to get OAuth endpoints
 */
@ -51,6 +53,20 @@ export type ProviderConfigEntry = ProviderConfig[string];
 * All configured OAuth providers
 */
 const providerConfigs: ProviderConfig = {
+  rowboat: {
+    discovery: {
+      mode: 'issuer',
+      issuer: `${SUPABASE_PROJECT_URL}/.well-known/oauth-authorization-server`,
+    },
+    client: {
+      mode: 'dcr',
+    },
+    scopes: [
+      "openid",
+      "email",
+      "profile",
+    ],
+  },
  google: {
    discovery: {
      mode: 'issuer',