diff --git a/images/authentication/supabase-jwt-secret.png b/images/authentication/supabase-jwt-secret.png
new file mode 100644
index 00000000..67cbc1ca
Binary files /dev/null and b/images/authentication/supabase-jwt-secret.png differ
diff --git a/images/authentication/use-supabase-auth.png b/images/authentication/use-supabase-auth.png
new file mode 100644
index 00000000..d77bd2e1
Binary files /dev/null and b/images/authentication/use-supabase-auth.png differ
diff --git a/images/installation/create-new-instance.png b/images/installation/create-new-instance.png
new file mode 100644
index 00000000..8f8a6b2f
Binary files /dev/null and b/images/installation/create-new-instance.png differ
diff --git a/images/integration-2.png b/images/integration-2.png
deleted file mode 100644
index 52af51fa..00000000
Binary files a/images/integration-2.png and /dev/null differ
diff --git a/images/integration-4.png b/images/integration-4.png
deleted file mode 100644
index 692c36a6..00000000
Binary files a/images/integration-4.png and /dev/null differ
diff --git a/installation/authentication-setup/supabase-auth.mdx b/installation/authentication-setup/supabase-auth.mdx
index e4faed15..b654ed1e 100644
--- a/installation/authentication-setup/supabase-auth.mdx
+++ b/installation/authentication-setup/supabase-auth.mdx
@@ -17,14 +17,14 @@ You can implement various types of auth:
* [Example](https://github.com/powersync-ja/powersync-jwks-example/)
* Experimental: We've also heard from the community that Supabase's newly released [support for external auth providers works](https://supabase.com/blog/third-party-auth-mfa-phone-send-hooks), but we don't have any examples for this yet.
-
-The "Supabase Auth" setting no longer works for Supabase projects created after 25 November 2024. While we are working with Supabase on a fix, please apply this workaround: https://releases.powersync.com/announcements/important-notice-for-supabase-users-using-supabase-jwts
-
+To implement either **Supabase Auth** or **Anonymous Sign-Ins**, enable the "Use Supabase Auth" setting on the PowerSync instance, and provide your Supabase JWT Secret. Internally, this setting allows PowerSync to verify and use Supabase JWTs directly using HS256 and the provided secret.
-To implement either Supabase Auth or Anonymous Sign-Ins, enable the "Use Supabase Auth" setting on the PowerSync instance. (This is also [covered in the Supabase & PowerSync integration guide](/integration-guides/supabase-+-powersync#configuring-powersync))
+Enabling Supabase Auth is also [covered in the Supabase & PowerSync integration guide](/integration-guides/supabase-+-powersync#configuring-powersync).
-Internally, Supabase auth signs the token using HS256, using a secret available as `current_setting('app.settings.jwt_secret')` on the database.
+To rotate the secret, generate a new secret in the your Supabase project's API Settings:
-To rotate the secret, generate a new secret in the Supabase project settings. The new secret will be automatically picked up by PowerSync within 5 minutes. In this period, some authentication failures are expected.
+
+ 
+
-The Supabase user UUID will be available as `token_parameters.user_id`. To use a different identifier as the user ID in sync rules (for example user email), use [Custom authentication](/installation/authentication-setup/custom).
+The Supabase user UUID will be available as `request.user_id()` in Sync Rules. To use a different identifier as the user ID in sync rules (for example user email), use [Custom authentication](/installation/authentication-setup/custom).
diff --git a/self-hosting/appendix/database-connection.mdx b/self-hosting/appendix/database-connection.mdx
index 151e3482..8dba9efb 100644
--- a/self-hosting/appendix/database-connection.mdx
+++ b/self-hosting/appendix/database-connection.mdx
@@ -8,33 +8,34 @@ Below, you can find provider-specific instructions to obtain connection details
-1. In your Supabase dashboard, navigate to **"Project Settings"** \-> **"Database" -> "Connection string**" and select the "URI" tab.
-2. Uncheck the "**Display connection pooler**" checkbox. PowerSync needs to connect to the database directly and cannot use the pooler.
-
-
- 
-
-1. Copy the connection string. The hostname should be `db..supabase.co`, and not, for example, `aws-0-us-west-1.pooler.supabase.com`.
-2. Paste this URI into the `uri` field under `replication` \> `connections` in your configuration file, for example:
-
-```yaml
-# config.yaml
-
-replication:
- connections:
- - type: postgresql
- uri: postgresql://postgres:[YOUR-PASSWORD]@db.abc.supabase.co:5432/postgres
-```
-
-1. Replace `[YOUR-PASSWORD]` with the password for the `postgres` user in your Supabase database.
- * Supabase also [refers to this password](https://supabase.com/docs/guides/database/managing-passwords) as the _database password_ or _project password_.
-2. PowerSync has the Supabase CA certificate pre-configured — `verify-full` SSL mode can be used directly, without any custom certificates.
-3. Under `client_auth` enable Supabase Auth:
-
-```yaml
-client_auth:
- supabase: true
-```
+ 1. In your Supabase dashboard, navigate to **"Project Settings"** \-> **"Database" -> "Connection string**" and select the "URI" tab.
+ 2. Uncheck the "**Display connection pooler**" checkbox. PowerSync needs to connect to the database directly and cannot use the pooler.
+
+
+
+ 3. Copy the connection string. The hostname should be `db..supabase.co`, and not, for example, `aws-0-us-west-1.pooler.supabase.com`.
+ 4. Paste this URI into the `uri` field under `replication` \> `connections` in your configuration file, for example:
+
+ ```yaml
+ # config.yaml
+
+ replication:
+ connections:
+ - type: postgresql
+ uri: postgresql://postgres:[YOUR-PASSWORD]@db.abc.supabase.co:5432/postgres
+ ```
+
+ 5. Replace `[YOUR-PASSWORD]` with the password for the `postgres` user in your Supabase database.
+ * Supabase also [refers to this password](https://supabase.com/docs/guides/database/managing-passwords) as the _database password_ or _project password_.
+ 6. PowerSync has the Supabase CA certificate pre-configured — `verify-full` SSL mode can be used directly, without any custom certificates.
+ 7. Under `client_auth` enable Supabase Authentication:
+
+ ```yaml
+ client_auth:
+ supabase: true
+ supabase_jwt_secret: [secret]
+ ```
+ For more details, see [Supabase Auth](/installation/authentication-setup/supabase-auth).
Add your connection details under `replication` \> `connections` in your configuration file.
diff --git a/self-hosting/installation/client-side-setup.mdx b/self-hosting/installation/client-side-setup.mdx
index 4edcd14b..0e750d67 100644
--- a/self-hosting/installation/client-side-setup.mdx
+++ b/self-hosting/installation/client-side-setup.mdx
@@ -97,7 +97,7 @@ If you are using Supabase or Firebase authentication, PowerSync can verify JWTs
### Supabase Auth
-Under `client_auth` in your config file, enable `supabase` authentication:
+Under `client_auth` in your config file, enable Supabase authentication:
```yaml
# config.yaml
@@ -105,6 +105,7 @@ Under `client_auth` in your config file, enable `supabase` authentication:
client_auth:
# Enable this if using Supabase Auth
supabase: true
+ supabase_jwt_secret: [secret]
```
For more details, see [Supabase Auth](/installation/authentication-setup/supabase-auth).
diff --git a/self-hosting/installation/powersync-service-setup.mdx b/self-hosting/installation/powersync-service-setup.mdx
index 77143cb7..eb31abc1 100644
--- a/self-hosting/installation/powersync-service-setup.mdx
+++ b/self-hosting/installation/powersync-service-setup.mdx
@@ -113,6 +113,7 @@ sync_rules:
client_auth:
# Enable this if using Supabase Auth
# supabase: true
+ # supabase_jwt_secret: [secret]
# JWKS URIs can be specified here.
jwks_uri: http://demo-backend:6060/api/auth/keys
diff --git a/snippets/create-cloud-instance.mdx b/snippets/create-cloud-instance.mdx
index d98dd36a..29bb6e62 100644
--- a/snippets/create-cloud-instance.mdx
+++ b/snippets/create-cloud-instance.mdx
@@ -1,7 +1,7 @@
1. In the [PowerSync Dashboard](/usage/tools/powersync-dashboard) Project tree, click on "**Create new instance**":
- 
+ 
2. Give your instance a name, such as "Testing".
diff --git a/snippets/supabase-database-connection.mdx b/snippets/supabase-database-connection.mdx
index 586a86ec..02301e62 100644
--- a/snippets/supabase-database-connection.mdx
+++ b/snippets/supabase-database-connection.mdx
@@ -11,14 +11,10 @@
* Supabase also [refers to this password](https://supabase.com/docs/guides/database/managing-passwords) as the _database password_ or _project password_.
* PowerSync has the Supabase CA certificate pre-configured — `verify-full` SSL mode can be used directly, without any custom certificates.
2. Click **"Test Connection"** and fix any errors.
-3. Under the **"Client Auth"** tab, enable **"Use Supabase Auth"**:
-
- 
-
+3. Under the **"Client Auth"** tab, enable **"Use Supabase Auth"** and enter your Supabase **JWT Secret**:
+
+ 
+
4. Click **"Save".**
-
-The "Supabase Auth" setting no longer works for Supabase projects created after 25 November 2024. While we are working with Supabase on a fix, please apply this workaround: https://releases.powersync.com/announcements/important-notice-for-supabase-users-using-supabase-jwts
-
-
PowerSync deploys and configures an isolated cloud environment for you, which will take a few minutes to complete.
\ No newline at end of file