You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: installation/authentication-setup.mdx
+33-9Lines changed: 33 additions & 9 deletions
Original file line number
Diff line number
Diff line change
@@ -3,35 +3,59 @@ title: "Authentication Setup"
3
3
sidebarTitle: Overview
4
4
---
5
5
6
-
PowerSync clients (i.e. apps used by your users that embed the PowerSync Client SDK) authenticate against the server-side [PowerSync Service](/architecture/powersync-service) using [JWTs](https://jwt.io/) (signed tokens) that are generated by your application backend.
6
+
# PowerSync Authentication Overview
7
+
8
+
PowerSync uses JSON Web Tokens (JWTs) for secure client authentication. These tokens are generated by your application backend and used by PowerSync clients to authenticate against the PowerSync Service.
9
+
10
+
## Initial Architecture
11
+
12
+
Before implementing PowerSync, a typical application architecture might look like this:
7
13
8
-
Before using PowerSync, an application's existing architecture may look like this:
The [PowerSync Service](/architecture/powersync-service) uses database native credentials and authenticates directly against the [backend database](/installation/database-setup) using the configured credentials:
18
+
## PowerSync Service Authentication
19
+
20
+
The PowerSync Service maintains a direct connection to your backend database using native credentials:
When the PowerSync client SDK is included in an app project, it uses [existing app-to-backend](/installation/app-backend-setup) authentication to [retrieve a JSON Web Token (JWT)](/installation/authentication-setup):
26
+
## Client Authentication Flow
27
+
28
+
### Step 1: JWT Retrieval
29
+
When integrated into your app, the PowerSync client SDK uses your existing app-to-backend authentication to obtain a JSON Web Token:
Users are not persisted in PowerSync, and there is no server-to-server communication used for client authentication.
42
+
<Note>
43
+
PowerSync does not persist user information, and there is no server-to-server communication for client authentication.
44
+
</Note>
45
+
46
+
## Authentication Options
32
47
33
-
Some authentication providers already generate JWTs for users which PowerSync can verify directly — see the documentation for individual providers (e.g. [Supabase Auth](/installation/authentication-setup/supabase-auth), [Firebase Auth](/installation/authentication-setup/firebase-auth))
48
+
### Pre-configured Providers
49
+
Some authentication providers generate JWTs that PowerSync can verify directly:
For others, some backend code must be added to your application backend to generate the JWTs needed for PowerSync — see [Custom](/installation/authentication-setup/custom) authentication.
53
+
### Custom Authentication
54
+
For other authentication systems, you'll need to add JWT generation code to your backend. See our [Custom](/installation/authentication-setup/custom) authentication guide for details.
36
55
37
-
For a quick way to get up and running during development, you can generate [Development Tokens](/installation/authentication-setup/development-tokens) directly from the [PowerSync Dashboard](/usage/tools/powersync-dashboard) (PowerSync Cloud) or locally with a self-hosted setup.
56
+
### Development Tokens
57
+
<Tip>
58
+
For quick development and testing, you can generate [Development Tokens](/installation/authentication-setup/development-tokens) through the:
![mintlify[bot]](https://avatars.githubusercontent.com/in/222410?v=4&size=40){kind=avatar}
0 commit comments