Supabase adds Custom OIDC

Supabase has added custom OpenID Connect providers to Supabase Auth, so developers can plug in identity systems that were not on its built-in list. (supabase.com) OpenID Connect is a standard way to let one service verify who a user is through another service, the same basic pattern behind “Sign in with Google.” Supabase said its new feature accepts any standards-compliant OpenID Connect provider and runs it through the same login flow and client libraries as its built-in options. (supabase.com) Supabase’s documentation says custom providers use a `custom:` prefix, such as `custom:my-idp`, and that projects can add up to three of them before contacting support for more. The company also distinguishes between generic OAuth 2 providers, where developers enter endpoints by hand, and OpenID Connect providers, where Supabase can discover endpoints from an issuer URL. (supabase.com) The change expands an authentication product that already ships with more than 20 built-in providers, including Google, GitHub, Apple, Microsoft Azure, GitLab, Slack, Spotify, WorkOS and Zoom. Before this release, Supabase said teams whose identity provider was not on that list were effectively blocked from using the same native setup. (supabase.com, supabase.com) Supabase framed the new option around enterprise and regional login requirements, including SAML-to-OpenID Connect bridges, government or industry-specific identity providers, and self-hosted GitHub Enterprise deployments. Those are the kinds of setups that often sit outside consumer-focused social login menus but still need single sign-on in production apps. (supabase.com) The release also fits a broader identity push at Supabase. In December 2025, the company added OAuth 2.1 and OpenID Connect server features so a Supabase project could act as an identity provider for other apps, partners and enterprise single sign-on systems. (supabase.com, supabase.com) Supabase already had a separate “third-party auth” path for providers such as Auth0, where its APIs trust tokens issued elsewhere. That system carries technical limits, including a requirement for asymmetrically signed JSON Web Tokens exposed through OpenID Connect discovery, and pricing tied to third-party monthly active users. (supabase.com, supabase.com) The new custom provider feature is narrower than that token-trust model: it gives developers another way to start sign-in flows inside Supabase Auth without waiting for Supabase to add a first-class integration. For teams building full-stack apps on Supabase, that means fewer custom workarounds in the part of the stack users see first: the login screen. (supabase.com, supabase.com)