Hello,
currently we are trying to connect a Supabase MCP with Retool agent but apparently unnecessary parameters(such as access type and audience and prompt) are getting passed along with the authentication strings therefore Supabase has been rejecting the auth requests. Was anyone able to resolve through this?
Best Regards,
Allen
Hey, I have the same issue, getting the following error when authenticating with OAuth:
{"message":": Unrecognized key(s) in object: 'access_type', 'prompt', 'audience'"}
I think Retool should provide a way to customise the payload sent during authentication.
Hello!
Thanks for flagging this - it looks like whether configuring OAuth in a standard REST API or MCP in Retool we always send those parameters even if they are empty. For a workaround now, to be able to at least test the integration, you will have to manually remove them from the url when you come across that error.
I have flagged this with our product team who will take a look at this.
Thanks!
Ollie
Having investigated this in more depth we don’t believe Supabase complies with the OAuth specification here. It should not be erroring when sending those parameters, but be treating them as unknown if they don’t currently support them.
This would be one to raise with them to ensure they have their MCP OAuth configured correctly!
Raised [OAuth][Retool] authentication spec possibly non-complying with OAuth spec · Issue #177 · supabase-community/supabase-mcp · GitHub . will get back to here if anything gets updated. in the meantime, @Ollie_Clyde is there any workaround recommended by a Retool team?
Any news on this topic? @Ollie_Clyde
Hey @Luis_Oliva_Fontecha - welcome to the community and thanks for reaching out. To Ollie's point, we are unlikely to modify the functionality of our core OAuth flow. That said, we've received a few different requests to support custom authentication flows for MCP resources, which would provide a decent workaround. I'll keep everybody in the loop as that conversation continues internally!