@capgo/capacitor-supabase
May 11, 2026 · View on GitHub
Native Supabase SDK integration for Capacitor - Auth, Database, and JWT access.
Why Capacitor Supabase?
A native Supabase SDK integration that provides real native authentication with JWT token access for your Capacitor apps:
- Native SDK integration - Full access to Supabase's native iOS and Android SDKs
- JWT token access - Get JWT tokens from native auth for use in JavaScript/web layers
- Complete auth methods - Email/password, OAuth, OTP, magic links, and more
- Session management - Native session handling with automatic token refresh
- Database operations - Native CRUD operations for Supabase tables
- Auth state listeners - Real-time auth state change events
- Hybrid approach - Use native auth with supabase-js for database queries
- Free and open source - No paid services required
Perfect for apps that need secure native authentication while leveraging Supabase's powerful backend services.
Why only Auth and basic DB operations? The Supabase JS SDK already works great in Capacitor for most features (Realtime, Storage, Edge Functions, etc.). Building native bridges for every feature would add complexity without real benefits. This plugin focuses on authentication where native SDKs provide actual value (secure token storage, OAuth flows, biometrics). For everything else, just use @supabase/supabase-js with the JWT from native auth.
Why not bridge everything natively?
- No performance gain - The bridge overhead (JSON serialization/deserialization between JS and native) negates any benefit from skipping HTTP preflight requests. You're just moving the transformation cost from network to CPU.
- Type safety issue - Native SDKs require typed models for every table/query. You'd need to define Swift/Kotlin types for your entire database schema and keep them in sync. With JS, you get dynamic typing that just works.
- Maintenance burden - Every Supabase SDK update would require updating 3 codebases (JS, iOS, Android) instead of just one. The JS SDK is already well-maintained by Supabase.
Documentation
The most complete doc is available here: https://capgo.app/docs/plugins/supabase/
Compatibility
| Plugin version | Capacitor compatibility | Maintained |
|---|---|---|
| v8.*.* | v8.*.* | ✅ |
| v7.*.* | v7.*.* | On demand |
| v6.*.* | v6.*.* | ❌ |
| v5.*.* | v5.*.* | ❌ |
Note: The major version of this plugin follows the major version of Capacitor. Use the version that matches your Capacitor installation (e.g., plugin v8 for Capacitor 8). Only the latest major version is actively maintained.
Install
npm install @capgo/capacitor-supabase
npx cap sync
iOS Setup
No additional setup required. The plugin uses Swift Package Manager to include the Supabase Swift SDK.
Android Setup
The plugin requires a minimum SDK of 26 (Android 8.0). Make sure your android/variables.gradle has:
minSdkVersion = 26
Usage
Initialize the Client
import { CapacitorSupabase } from '@capgo/capacitor-supabase';
await CapacitorSupabase.initialize({
supabaseUrl: 'https://your-project.supabase.co',
supabaseKey: 'your-anon-key'
});
Authentication
Sign In with Email/Password
const { session, user } = await CapacitorSupabase.signInWithPassword({
email: 'user@example.com',
password: 'password123'
});
// Access the JWT token
console.log('JWT:', session?.accessToken);
Sign Up
const { session, user } = await CapacitorSupabase.signUp({
email: 'newuser@example.com',
password: 'password123',
data: { name: 'John Doe' }
});
OAuth Sign In
await CapacitorSupabase.signInWithOAuth({
provider: 'google',
redirectTo: 'myapp://callback'
});
OTP Sign In
// Send OTP
await CapacitorSupabase.signInWithOtp({
email: 'user@example.com'
});
// Verify OTP
const { session, user } = await CapacitorSupabase.verifyOtp({
email: 'user@example.com',
token: '123456',
type: 'email'
});
Sign Out
await CapacitorSupabase.signOut();
Session Management
Get Current Session
const { session } = await CapacitorSupabase.getSession();
if (session) {
console.log('JWT:', session.accessToken);
console.log('Refresh Token:', session.refreshToken);
console.log('Expires At:', session.expiresAt);
}
Refresh Session
const { session } = await CapacitorSupabase.refreshSession();
Get Current User
const { user } = await CapacitorSupabase.getUser();
if (user) {
console.log('User ID:', user.id);
console.log('Email:', user.email);
}
Set Session Manually
const { session } = await CapacitorSupabase.setSession({
accessToken: 'eyJ...',
refreshToken: 'abc123'
});
Listen to Auth State Changes
const listener = await CapacitorSupabase.addListener(
'authStateChange',
({ event, session }) => {
console.log('Auth event:', event);
// Events: INITIAL_SESSION, SIGNED_IN, SIGNED_OUT, TOKEN_REFRESHED, USER_UPDATED
if (session) {
console.log('JWT:', session.accessToken);
}
}
);
// Later, remove the listener
listener.remove();
Using JWT with @supabase/supabase-js
The main use case is to get the JWT from native auth and use it with the JavaScript Supabase client:
import { createClient } from '@supabase/supabase-js';
import { CapacitorSupabase } from '@capgo/capacitor-supabase';
// Initialize native client
await CapacitorSupabase.initialize({
supabaseUrl: 'https://your-project.supabase.co',
supabaseKey: 'your-anon-key'
});
// Sign in natively
await CapacitorSupabase.signInWithPassword({
email: 'user@example.com',
password: 'password'
});
// Get session with JWT
const { session } = await CapacitorSupabase.getSession();
// Create JS client with the native session
const supabase = createClient(
'https://your-project.supabase.co',
'your-anon-key',
{
global: {
headers: {
Authorization: `Bearer ${session?.accessToken}`
}
}
}
);
// Now use supabase-js as normal
const { data } = await supabase.from('table').select('*');
Database Operations (Native)
The plugin also supports native database operations:
Select
const { data, error } = await CapacitorSupabase.select({
table: 'users',
columns: 'id, name, email',
filter: { active: true },
limit: 10,
orderBy: 'created_at',
ascending: false
});
Insert
const { data, error } = await CapacitorSupabase.insert({
table: 'posts',
values: { title: 'Hello', content: 'World' }
});
Update
const { data, error } = await CapacitorSupabase.update({
table: 'posts',
values: { title: 'Updated Title' },
filter: { id: 1 }
});
Delete
const { data, error } = await CapacitorSupabase.delete({
table: 'posts',
filter: { id: 1 }
});
API
initialize(...)signInWithPassword(...)signUp(...)signInWithOAuth(...)signInWithOtp(...)verifyOtp(...)signOut()getSession()refreshSession()getUser()setSession(...)addListener('authStateChange', ...)removeAllListeners()select(...)insert(...)update(...)delete(...)getPluginVersion()- Interfaces
- Type Aliases
Capacitor Supabase Plugin for native Supabase SDK integration.
This plugin provides native iOS and Android Supabase SDK functionality with the ability to retrieve JWT tokens for use in JavaScript/web layers.
initialize(...)
initialize(options: SupabaseConfig) => Promise<void>
Initialize the Supabase client with your project credentials. Must be called before any other methods.
| Param | Type | Description |
|---|---|---|
options | SupabaseConfig | - Configuration options including URL and API key |
Since: 0.0.1
signInWithPassword(...)
signInWithPassword(options: SignInWithPasswordOptions) => Promise<AuthResult>
Sign in with email and password.
| Param | Type | Description |
|---|---|---|
options | SignInWithPasswordOptions | - Email and password credentials |
Returns: Promise<AuthResult>
Since: 0.0.1
signUp(...)
signUp(options: SignUpOptions) => Promise<AuthResult>
Sign up a new user with email and password.
| Param | Type | Description |
|---|---|---|
options | SignUpOptions | - Email, password, and optional user metadata |
Returns: Promise<AuthResult>
Since: 0.0.1
signInWithOAuth(...)
signInWithOAuth(options: SignInWithOAuthOptions) => Promise<void>
Sign in with an OAuth provider. Opens the provider's authentication page.
| Param | Type | Description |
|---|---|---|
options | SignInWithOAuthOptions | - OAuth provider and optional redirect URL |
Since: 0.0.1
signInWithOtp(...)
signInWithOtp(options: SignInWithOtpOptions) => Promise<void>
Sign in with OTP (One-Time Password) sent via email or SMS.
| Param | Type | Description |
|---|---|---|
options | SignInWithOtpOptions | - Email or phone number to send OTP to |
Since: 0.0.1
verifyOtp(...)
verifyOtp(options: VerifyOtpOptions) => Promise<AuthResult>
Verify an OTP token.
| Param | Type | Description |
|---|---|---|
options | VerifyOtpOptions | - Email/phone, token, and verification type |
Returns: Promise<AuthResult>
Since: 0.0.1
signOut()
signOut() => Promise<void>
Sign out the current user.
Since: 0.0.1
getSession()
getSession() => Promise<{ session: Session | null; }>
Get the current session if one exists. Returns the session with JWT access token.
Returns: Promise<{ session: Session | null; }>
Since: 0.0.1
refreshSession()
refreshSession() => Promise<{ session: Session | null; }>
Refresh the current session and get new tokens.
Returns: Promise<{ session: Session | null; }>
Since: 0.0.1
getUser()
getUser() => Promise<{ user: User | null; }>
Get the currently authenticated user.
Returns: Promise<{ user: User | null; }>
Since: 0.0.1
setSession(...)
setSession(options: SetSessionOptions) => Promise<{ session: Session | null; }>
Set the session manually with access and refresh tokens. Useful for restoring a session or integrating with external auth.
| Param | Type | Description |
|---|---|---|
options | SetSessionOptions | - Access and refresh tokens |
Returns: Promise<{ session: Session | null; }>
Since: 0.0.1
addListener('authStateChange', ...)
addListener(eventName: 'authStateChange', listenerFunc: (data: AuthStateChange) => void) => Promise<PluginListenerHandle>
Listen to authentication state changes.
| Param | Type | Description |
|---|---|---|
eventName | 'authStateChange' | - Must be 'authStateChange' |
listenerFunc | (data: AuthStateChange) => void | - Callback function for auth state changes |
Returns: Promise<PluginListenerHandle>
Since: 0.0.1
removeAllListeners()
removeAllListeners() => Promise<void>
Remove all listeners for auth state changes.
Since: 0.0.1
select(...)
select<T = unknown>(options: SelectOptions) => Promise<QueryResult<T[]>>
Execute a SELECT query on a table.
| Param | Type | Description |
|---|---|---|
options | SelectOptions | - Query options including table, columns, filters |
Returns: Promise<QueryResult<T[]>>
Since: 0.0.1
insert(...)
insert<T = unknown>(options: InsertOptions) => Promise<QueryResult<T>>
Insert data into a table.
| Param | Type | Description |
|---|---|---|
options | InsertOptions | - Table name and values to insert |
Returns: Promise<QueryResult<T>>
Since: 0.0.1
update(...)
update<T = unknown>(options: UpdateOptions) => Promise<QueryResult<T>>
Update data in a table.
| Param | Type | Description |
|---|---|---|
options | UpdateOptions | - Table name, values to update, and filter conditions |
Returns: Promise<QueryResult<T>>
Since: 0.0.1
delete(...)
delete<T = unknown>(options: DeleteOptions) => Promise<QueryResult<T>>
Delete data from a table.
| Param | Type | Description |
|---|---|---|
options | DeleteOptions | - Table name and filter conditions |
Returns: Promise<QueryResult<T>>
Since: 0.0.1
getPluginVersion()
getPluginVersion() => Promise<{ version: string; }>
Get the native Capacitor plugin version.
Returns: Promise<{ version: string; }>
Since: 0.0.1
Interfaces
SupabaseConfig
Configuration options for initializing the Supabase client.
| Prop | Type | Description | Since |
|---|---|---|---|
supabaseUrl | string | The Supabase project URL. | 0.0.1 |
supabaseKey | string | The Supabase anonymous/public key. | 0.0.1 |
AuthResult
Result of authentication operations that return a session.
| Prop | Type | Description | Since |
|---|---|---|---|
session | Session | null | The session if authentication was successful. | 0.0.1 |
user | User | null | The authenticated user if successful. | 0.0.1 |
Session
Session object containing authentication tokens.
| Prop | Type | Description | Since |
|---|---|---|---|
accessToken | string | The JWT access token. Use this for authenticated API requests. | 0.0.1 |
refreshToken | string | The refresh token for obtaining new access tokens. | 0.0.1 |
tokenType | string | Token type (usually "bearer"). | 0.0.1 |
expiresIn | number | Number of seconds until the access token expires. | 0.0.1 |
expiresAt | number | Unix timestamp when the token expires. | 0.0.1 |
user | User | The authenticated user. | 0.0.1 |
User
User object returned from authentication operations.
| Prop | Type | Description | Since |
|---|---|---|---|
id | string | Unique identifier for the user. | 0.0.1 |
email | string | User's email address. | 0.0.1 |
phone | string | User's phone number. | 0.0.1 |
createdAt | string | Timestamp when the user was created. | 0.0.1 |
lastSignInAt | string | Timestamp when the user last signed in. | 0.0.1 |
userMetadata | Record<string, unknown> | User metadata (custom fields). | 0.0.1 |
appMetadata | Record<string, unknown> | App metadata. | 0.0.1 |
SignInWithPasswordOptions
Options for email/password sign-in.
| Prop | Type | Description | Since |
|---|---|---|---|
email | string | User's email address. | 0.0.1 |
password | string | User's password. | 0.0.1 |
SignUpOptions
Options for email/password sign-up.
| Prop | Type | Description | Since |
|---|---|---|---|
email | string | User's email address. | 0.0.1 |
password | string | User's password. | 0.0.1 |
data | Record<string, unknown> | Optional user metadata to store with the user. | 0.0.1 |
SignInWithOAuthOptions
Options for OAuth sign-in.
| Prop | Type | Description | Since |
|---|---|---|---|
provider | OAuthProvider | The OAuth provider to use. | 0.0.1 |
redirectTo | string | URL to redirect to after authentication. | 0.0.1 |
scopes | string | OAuth scopes to request. | 0.0.1 |
SignInWithOtpOptions
Options for OTP sign-in.
| Prop | Type | Description | Since |
|---|---|---|---|
email | string | User's email address (required if phone is not provided). | 0.0.1 |
phone | string | User's phone number (required if email is not provided). | 0.0.1 |
VerifyOtpOptions
Options for verifying OTP.
| Prop | Type | Description | Since |
|---|---|---|---|
email | string | User's email address (required if phone is not provided). | 0.0.1 |
phone | string | User's phone number (required if email is not provided). | 0.0.1 |
token | string | The OTP token received via email/SMS. | 0.0.1 |
type | 'sms' | 'email' | 'magiclink' | 'signup' | 'recovery' | The type of OTP verification. | 0.0.1 |
SetSessionOptions
Options for setting a session manually.
| Prop | Type | Description | Since |
|---|---|---|---|
accessToken | string | The access token. | 0.0.1 |
refreshToken | string | The refresh token. | 0.0.1 |
PluginListenerHandle
| Prop | Type |
|---|---|
remove | () => Promise<void> |
AuthStateChange
Auth state change callback data.
| Prop | Type | Description | Since |
|---|---|---|---|
event | AuthChangeEvent | The type of auth event. | 0.0.1 |
session | Session | null | The current session (null if signed out). | 0.0.1 |
QueryResult
Result of database queries.
| Prop | Type | Description | Since |
|---|---|---|---|
data | T | null | The query result data. | 0.0.1 |
error | string | null | Error message if the query failed. | 0.0.1 |
count | number | Number of affected rows (for insert/update/delete). | 0.0.1 |
SelectOptions
Options for database select queries.
| Prop | Type | Description | Since |
|---|---|---|---|
table | string | The table name to query. | 0.0.1 |
columns | string | Columns to select (default: "*"). | 0.0.1 |
filter | Record<string, unknown> | Filter conditions as key-value pairs. | 0.0.1 |
limit | number | Maximum number of rows to return. | 0.0.1 |
offset | number | Number of rows to skip. | 0.0.1 |
orderBy | string | Column to order by. | 0.0.1 |
ascending | boolean | Order direction. | 0.0.1 |
single | boolean | Return a single row instead of an array. | 0.0.1 |
InsertOptions
Options for database insert queries.
| Prop | Type | Description | Since |
|---|---|---|---|
table | string | The table name to insert into. | 0.0.1 |
values | Record<string, unknown> | Record<string, unknown>[] | The data to insert (single object or array of objects). | 0.0.1 |
UpdateOptions
Options for database update queries.
| Prop | Type | Description | Since |
|---|---|---|---|
table | string | The table name to update. | 0.0.1 |
values | Record<string, unknown> | The data to update. | 0.0.1 |
filter | Record<string, unknown> | Filter conditions to match rows to update. | 0.0.1 |
DeleteOptions
Options for database delete queries.
| Prop | Type | Description | Since |
|---|---|---|---|
table | string | The table name to delete from. | 0.0.1 |
filter | Record<string, unknown> | Filter conditions to match rows to delete. | 0.0.1 |
Type Aliases
Record
Construct a type with a set of properties K of type T
{
[P in K]: T;
}
OAuthProvider
Supported OAuth providers.
'apple' | 'azure' | 'bitbucket' | 'discord' | 'facebook' | 'figma' | 'github' | 'gitlab' | 'google' | 'kakao' | 'keycloak' | 'linkedin' | 'linkedin_oidc' | 'notion' | 'slack' | 'slack_oidc' | 'spotify' | 'twitch' | 'twitter' | 'workos' | 'zoom'
AuthChangeEvent
Auth state change event types.
'INITIAL_SESSION' | 'SIGNED_IN' | 'SIGNED_OUT' | 'TOKEN_REFRESHED' | 'USER_UPDATED' | 'PASSWORD_RECOVERY'
License
MPL-2.0