This PR syncs the latest troubleshooting guides from the
supabase/troubleshooting repository.
---------
Co-authored-by: github-docs-bot <github-docs-bot@supabase.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Implements comprehensive IdP-initiated login flow support, enabling
organizations to configure SSO without email domains and support
multiple SAML apps under the same domain (e.g., Dev/Staging/Prod
environments).
- Add "Enable SP-initiated login" toggle to SSOConfig.tsx
- IdP-initiated flow is now always available (default)
- SP-initiated flow is opt-in with domain requirement
- Clear in-UI documentation explaining both flows
- Make domains optional (only required when SP-initiated enabled)
- Add form validation: domains required only if SP-initiated is ON
- Fix org-switching bug: form now resets when switching organizations
- Add organization.slug to useEffect dependencies
- Prevent stale SSO config data from previous org being displayed
- **IdP-initiated flow**: Users start login from identity provider
dashboard
- No domain configuration required
- Enables multiple SAML apps per domain
- Recommended default for enterprises
- **SP-initiated flow**: Users start login at supabase.com (opt-in)
- Requires email domain configuration
- Maintains backward compatibility
- **Both flows**: Can be enabled simultaneously for flexible access
- Organizations can now create separate SSO providers for
Dev/Staging/Prod
- Each environment = separate SAML app in IdP
- All using same email domain (e.g., company.com)
- Users access via different IdP app tiles
- No domain conflicts or subdomain requirements
- Add 4 pages to SSO sidebar menu in NavigationMenu.constants.ts:
- Understanding Login Flows (existing, now visible)
- Choosing a Login Flow (existing, now visible)
- Multiple SSO Providers (NEW comprehensive guide)
- Testing and Best Practices (existing, now visible)
Create comprehensive guide covering:
- Multi-environment patterns (Dev/Staging/Prod with same domain)
- Team separation, migration, and acquisition scenarios
- Step-by-step setup for domainless providers
- User access management and IDP app assignment strategies
- Configuration synchronization and best practices
- Troubleshooting common multi-provider issues
Major expansion of testing-best-practices.mdx:
- Fix outdated assumptions (domains no longer always required)
- Add comprehensive login flow testing section:
- IdP-initiated testing (no domains)
- SP-initiated testing (with domains)
- Domainless provider testing (multi-environment pattern)
- Enhance auto-join testing with 8 detailed test phases:
- Idempotency testing (no duplicate memberships)
- Domainless configuration testing
- Re-enablement testing (works on every login)
- Add SSO account restrictions testing section
- Add safe provider deletion testing with 4 test scenarios
- Reorganize final checklist into 6 categorized sections
Update azure.mdx, gsuite.mdx, okta.mdx:
- Remove all "(coming soon)" references
- Add guidance recommending IdP-initiated for multi-environment setups
- Clarify domains are optional for IdP-initiated flow
- Link to new Multiple SSO Providers guide
**Domain Handling:**
- Domains now optional in SSO provider configuration
- Backend: `z.array(...).optional().default([])`
- UI: Domains only required when SP-initiated toggle is ON
- Empty array sent to API when SP-initiated disabled
**Login Flow Logic:**
- IdP-initiated: Always available, uses SAML assertion directly
- SP-initiated: Requires domain lookup, opt-in only
- Both flows can coexist with same SSO provider
**Multi-Provider Support:**
- Each provider has unique ACS URL
- No domain conflicts (IdP-initiated doesn't check domains)
- Enables unlimited providers per email domain
- **Simplifies SSO setup**: No domain configuration needed by default
- **Enables multi-environment**: Dev/Staging/Prod under same domain
- **Improves UX**: One-click login from IdP dashboard
- **Maintains compatibility**: SP-initiated still available as opt-in
- **Better documentation**: Comprehensive guides for all scenarios
## UI
### SSO Disabled
<img width="742" height="329" alt="sso-disabled"
src="https://github.com/user-attachments/assets/73387777-181c-4206-9798-36f0d0790e4e"
/>
### SSO Enabled - IdP-inititated (DEFAULT)
<img width="742" height="1059" alt="sso-enabled-idp"
src="https://github.com/user-attachments/assets/c189e08f-7642-4183-8853-dd5150b8a191"
/>
### SSO Enabled - SP-intitiated
<img width="727" height="1366" alt="sso-enabled-sp"
src="https://github.com/user-attachments/assets/be5ad6dc-4803-446b-ae02-9edcbb5f42cd"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added comprehensive guides for SSO login flow selection, testing best
practices, and configuring multiple providers
* Updated provider-specific setup documentation (Okta, Azure, Google
Workspace) with refined workflows and testing recommendations
* **New Features**
* Enhanced SSO configuration interface with SP-initiated login toggle
and improved email domain management for flexible authentication flows
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Stockton <chris.stockton@supabase.io>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This PR syncs the latest troubleshooting guides from the
supabase/troubleshooting repository.
---------
Co-authored-by: github-docs-bot <github-docs-bot@supabase.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
## What does this PR do?
Adds a pgvector index tuning guide covering:
- IVFFlat vs HNSW index selection
- Parameter tuning (`lists`, `probes`, `m`, `ef_construction`)
- Performance trade-offs
- Recommendations for production workloads (100k+ embeddings)
## Why?
There is currently limited guidance on index tuning for semantic search
workloads. This helps developers optimize query latency and accuracy
when using Supabase for AI applications.
## Type of change
- [x] Documentation update
Closes#44598
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a semantic search guide section with practical index-tuning
recommendations for large datasets, including IVFFlat and HNSW index
explanations, best-use scenarios, and sample index creation guidance to
balance performance and accuracy.
* **Style**
* Minor import formatting cleanup in a UI utility module (no behavior
changes).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
## What is the current behavior?
No link
## What is the new behavior?
1. Mention not all S3 clients are expected to work
2. Add link to Cyberduck integration as an example
## Additional context
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update — Rewrite the Agent Skills documentation as a single flat
page with a skills table.
## What is the current behavior?
The Agent Skills docs have a nested structure with an index page and
individual dynamic pages for each skill (fetched from the
`supabase/agent-skills` repo). Skills also inject sub-items into the
sidebar navigation.
## What is the new behavior?
This PR replaces the nested skill pages with a single, flat Agent Skills
page that:
- Lists all skills in a **table** with name, description, and a
**copy-to-install button** (fetched dynamically from the
[supabase/agent-skills](https://github.com/supabase/agent-skills) repo)
- Includes **installation commands** for both the skills CLI (`npx
skills add`) and Claude Code plugins
- Links skill names directly to their source on GitHub instead of
rendering full skill content inline
- Removes the dynamic `[slug]` route, sidebar nav injection, and local
skill example files
### Navigation Structure
```
Start
> AI Tools
> Agent Skills (new)
> Prompts (existing)
> Supabase MCP server (existing)
```
Closes
[AI-361](https://linear.app/supabase/issue/AI-361/create-skills-documentation-page-in-ai-tooling-docs)
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Docs update
## What is the current behavior?
No 404 debugging guide for edge functions
## What is the new behavior?
Now there's a guide
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Adds a guide for the recently introduced recursive/nested function
rate-limits.
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
When a session token is refreshed server-side, `@supabase/ssr` writes
the updated JWT via Set-Cookie. If a CDN caches that response and serves
it to another user, that user will be signed in as the wrong person.
Adds documentation covering this in two places:
- creating-a-client.mdx: brief mention with a link to the full
explanation
- advanced-guide.mdx: expands the existing CDN FAQ with an explanation
of the risk and Cache-Control: private, no-store examples for Next.js
and Nuxt
Related: https://github.com/supabase/supabase-js/issues/1682
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
## What is the current behavior?
n/a
## What is the new behavior?
n/a
## Additional context
Add any other context or screenshots.
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Add a couple of technical terms, and a handful of common brand and
products names to simplify docs submissions.
## Description
Adds a troubleshooting article for the `UNUSED_EXTERNAL_IMPORT` build
warnings
that Vite/Rollup/Nuxt users see when bundling apps that use
`@supabase/supabase-js`.
**File:**
`apps/docs/content/troubleshooting/unused-external-import-warning-vite-rollup.mdx`
## What the article covers
- What the warning looks like
- Why it's a false positive (re-exported external imports not recognised
as "used"
by Rollup's code-body check)
- `onwarn` suppression snippet for Vite/Rollup
- `onwarn` suppression snippet for Nuxt
## Related
- https://github.com/supabase/supabase-js/issues/2010
- https://github.com/supabase/supabase-js/pull/2122
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
## What is the current behavior?
Superuser settings list is out of date
## What is the new behavior?
Update superuser settings with [new
configs](21338c8458/ansible/files/postgresql_config/supautils.conf.j2 (L13))
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Updated PostgreSQL custom configuration guide with new superuser-level
settings options including deadlock timeout, parameter logging, network
connectivity, safe update enforcement, and function tracking
capabilities.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
docs update
## What is the new behavior?
Adds PostgREST mirror codes
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Added a comprehensive PostgREST Error Codes guide covering database-
and API-level errors, HTTP status mappings, JSON examples, SQL query
samples, and log-analysis/debugging tips.
* Updated REST API Guides navigation to include the new Error Codes
documentation link.
* **Style**
* Expanded spelling allow-list to include "Grantor" (case variant) and
"SQL".
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
* docs: improve Facebook OAuth guide with troubleshooting and clearer instructions
- Add explicit callback URI pattern with link to dashboard
- Add dedicated "Configure email permissions" section with caution admonition
- Add "Testing your integration" section explaining development mode
- Add "Going live with App Review" section with step-by-step guide
- Add "Troubleshooting" section for common issues
- Add error handling to JavaScript code examples
- Fix Swift example with complete ASWebAuthenticationSession implementation
- Add note about checking pub.dev for latest Flutter package version
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* Apply suggestions from code review
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* docs: improve Facebook OAuth guide with troubleshooting and clearer instructions
- Add explicit callback URI pattern with link to dashboard
- Add dedicated "Configure email permissions" section with caution admonition
- Add "Testing your integration" section explaining development mode
- Add "Going live with App Review" section with step-by-step guide
- Add "Troubleshooting" section for common issues
- Add error handling to JavaScript code examples
- Update Swift example to use webAuthenticationSession environment
- Add note about checking pub.dev for latest Flutter package version
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* style: run format
* Apply suggestions from code review
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
* feat(docs): update-ai-prompts
Adds links to prompts from MCP docs, and creates a table of relevant tools where these prompts can be used.
* prompts should be more visible
* Prettier and MDX lint
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
* docs(branching): add the list of all valid secrets fields
* chore(docs): allow Captcha to the rules spelling lints
* docs(branching): make external secret a star field
* docs: improve BYOM guide for MCP server deployment and OAuth integration
* fix tutorial for simple mcp server
* remove authentication section
* fix rebase
* fix pnpm.lock
* add Zod to dictionary
* remove authentication from the beginning
* fix mcp-lite link
* change order of deno.json
* fix mcp-handler
* docs: update Refine svg in HeroFrameworks
* docs: use capital R for Refine mentions
* docs: use main branch for Refine repository references
* docs: update connect interface example code for Refine
* docs: update Refine quick start tutorial with Refine v5
* examples(refine-user-management): upgrade to Refine v5
* docs: update Refine getting started tutorial with Refine v5
* chore(studio): update Refine icon on Connect modal
* docs: update Refine svg
* docs: update welcome screen screenshot in Refine tutorial
* docs: update dimensions of welcome screen screenshot in Refine tutorial
* chore: remove leftover dist assets from Refine example
* chore(linter): add Refine to Rule001 and Rule003
* chore: format getting started with Refine.mdx
* chore: remove .prettierrc file from the example
* Add cant access to supabase
* Add identify lovable backend guide
* Improve guide with images and components
* Improve style
* Fix relative urls
* Apply formatting rules
* Put link in line
* Apply formatting rules
* Add Lovable and Lovable Cloud to words allows_list
* Use Admonition for note
* Apply several improvements to content
* Add Pedro Rodrigues to humans.txt
* docs: add MCP-lite Edge Functions tutorial
- Add comprehensive tutorial on building MCP servers with mcp-lite on Supabase Edge Functions
- Add navigation entries in Examples and Third-Party Tools sections
- Based on Fiberplane blog post about mcp-lite and Supabase integration
* docs: remove redundant 'supabase init' step from MCP-lite tutorial
The template from 'npm create mcp-lite@latest' already initializes Supabase, so this step is not needed.
* docs: clarify local development steps for MCP-lite tutorial
- Separate 'supabase start' and 'supabase functions serve' into distinct steps
- Clarify that npm run dev only serves the function, not starts Supabase
- Make it clear these should be run in separate terminals
* style: format MCP-lite tutorial with prettier
* Update apps/docs/content/guides/functions/examples/mcp-server-mcp-lite.mdx
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Fix rules
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
* docs: general improve apple sign in guide
* docs: add note regarding supporting full name when sign in with apple
* add ComposeAuth to spelling list
* Formatter
* apply code review fixes
# Conflicts:
# apps/docs/content/guides/auth/social-login/auth-apple.mdx
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
* feat: add `crypto-js`, `encryptString` with sample key
* feat: include POSTGRES_PASSWORD in generated .env.test
* feat: include POSTGRES_PASSWORD in turbo.json for studio
* feat: read only query support
* feat: configurable `POSTGRES_HOST`, `POSTGRES_DB`, `POSTGRES_PORT`
* chore: rename POSTGRES_USER to clarify write permission
* feat: configurable `PG_META_CRYPTO_KEY`
* chore: add `PG_META_CRYPTO_KEY` to generateLocalEnv
* feat: add 'postgres-meta' to linter dictionary
* feat: restore read-only toggle in local MCP URL builder
* docs(react-native): create the basic expo project
* docs(react-native): cross-platform Apple social sign-in
* docs(react-native): cross-platform Google social sign-in
* docs(react-native): fix typos
* docs(react-native): remove wrong entry in the `Connection` component
* Correct typos
* Prettier
* Draft
* Draft
* docs(react-native): use kebab-case file naming convention in Expo guide
- use kebab-case file naming convention in Expo guide
- add trailing semicolon to align with the standard Expo template conventions
* docs(react-native): use kebab-case file naming convention in Expo social auth example
* docs(react-native): update the packages of the Expo social auth example
* Fix
* Draft
* Changes
* Correct log message
---------
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
