Supabase is releasing @supabase/server in public beta, a new package that eliminates repetitive boilerplate in Edge Functions. After analyzing 25,000 deployed functions, the team found developers repeatedly writing the same setup code for JWT verification, client creation, CORS handling, and auth context wiring. The package introduces a SupabaseContext with pre-configured user-scoped and admin Supabase clients, verified user identity, and JWT claims. A withSupabase wrapper enables declarative access control — you declare who can call an endpoint and auth is handled before your handler runs. It works across Supabase Edge Functions, Cloudflare Workers, Hono, and Bun using standard Web API patterns. The package also handles the migration to asymmetric JWT signing keys and new API keys automatically, removing the need for manual jose/JWKS configuration. Composable primitives are available for advanced use cases like per-route auth or MCP servers.
Table of contents
How it works #What's in the context #Declarative access control #Adopting new auth keys without the boilerplate #Same code, every runtime #Composable primitives #One pattern for humans and AI agents #FAQ #Get started #4 Comments
Sort: