Self-Hosted Supabase MCP Server

Overview Schema Related Servers Score Discussions

get_auth_user

Retrieve user details from Supabase authentication by providing a user ID. This tool fetches specific user information from the auth.users table in self-hosted Supabase instances.

Instructions

Retrieves details for a specific user from auth.users by their ID.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`user_id`	Yes	The UUID of the user to retrieve.

Implementation Reference

src/tools/get_auth_user.ts:48-101 (handler)

The execute function that queries the auth.users table for the specified user_id using a direct PostgreSQL connection, validates the output with Zod, and returns the AuthUser object.

execute: async (input: GetAuthUserInput, context: ToolContext): Promise<GetAuthUserOutput> => { // Use GetAuthUserOutput
    const client = context.selfhostedClient;
    const { user_id } = input;

    if (!client.isPgAvailable()) {
        context.log('Direct database connection (DATABASE_URL) is required to get auth user details.', 'error');
        throw new Error('Direct database connection (DATABASE_URL) is required to get auth user details.');
    }

    const sql = `
        SELECT
            id,
            email,
            role,
            raw_app_meta_data,
            raw_user_meta_data,
            created_at::text,
            last_sign_in_at::text
        FROM auth.users
        WHERE id = $1
    `;
    const params = [user_id];

    console.error(`Attempting to get auth user ${user_id} using direct DB connection...`);

    // Use transaction for parameterized query
    const user = await client.executeTransactionWithPg(async (pgClient: PoolClient) => {
        const result = await pgClient.query(sql, params);

        if (result.rows.length === 0) {
            throw new Error(`User with ID ${user_id} not found.`);
        }

        // handleSqlResponse expects SqlExecutionResult (SuccessResponse | ErrorResponse)
        // We pass the single row which structurally matches SqlSuccessResponse[0]
        // but handleSqlResponse expects the array wrapper or error.
        // So, we validate the single object directly.
        try {
            const singleUser = AuthUserZodSchema.parse(result.rows[0]);
            return singleUser;
        } catch (validationError) {
             if (validationError instanceof z.ZodError) {
                console.error("Zod validation failed:", validationError.errors);
                throw new Error(`Output validation failed: ${validationError.errors.map(e => `${e.path.join('.')}: ${e.message}`).join(', ')}`);
            } 
            throw validationError; // Rethrow other errors
        }
    });

    console.error(`Found user ${user_id}.`);
    context.log(`Found user ${user_id}.`);
    // The return type is already AuthUser (via GetAuthUserOutput)
    return user;
},

src/tools/get_auth_user.ts:8-25 (schema)

Defines the Zod schemas for input (user_id UUID) and output (AuthUser fields) validation.

const GetAuthUserInputSchema = z.object({
    user_id: z.string().uuid().describe('The UUID of the user to retrieve.'),
});
type GetAuthUserInput = z.infer<typeof GetAuthUserInputSchema>;

// Output schema - Zod for validation (single user)
const AuthUserZodSchema = z.object({
    id: z.string().uuid(),
    email: z.string().email().nullable(),
    role: z.string().nullable(),
    created_at: z.string().nullable(),
    last_sign_in_at: z.string().nullable(),
    raw_app_meta_data: z.record(z.unknown()).nullable(),
    raw_user_meta_data: z.record(z.unknown()).nullable(),
    // Add more fields as needed
});
// Use AuthUser for the output type hint
type GetAuthUserOutput = AuthUser;

src/index.ts:114-114 (registration)
Registers the getAuthUserTool in the availableTools dictionary used by the MCP server.
```
[getAuthUserTool.name]: getAuthUserTool as AppTool,
```
src/index.ts:25-25 (registration)
Imports the getAuthUserTool for use in the MCP server.
```
import { getAuthUserTool } from './tools/get_auth_user.js';
```

src/tools/get_auth_user.ts:44-47 (schema)

Tool definition including inputSchema, mcpInputSchema, and outputSchema references.

inputSchema: GetAuthUserInputSchema,
mcpInputSchema: mcpInputSchema,
outputSchema: AuthUserZodSchema, // Use the single user Zod schema

Tool Definition Quality

B3.3/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It states the action ('Retrieves details') but doesn't describe what 'details' include, error handling (e.g., for invalid IDs), permissions required, or rate limits. For a read operation with zero annotation coverage, this leaves significant behavioral aspects unspecified.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core action and resource. Every word contributes meaning without redundancy, making it easy to parse quickly. It avoids unnecessary elaboration while covering the essential purpose.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's simplicity (one parameter, read-only operation) and high schema coverage, the description is adequate for basic use. However, without annotations or an output schema, it lacks details on return values, error cases, and security context. It meets minimum viability but has clear gaps in behavioral transparency.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, with the parameter 'user_id' fully documented in the schema as a UUID. The description adds minimal value beyond the schema by reiterating 'by their ID', but doesn't provide additional context like ID format examples or sourcing guidance. Baseline 3 is appropriate since the schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb ('Retrieves') and resource ('details for a specific user from auth.users'), making the purpose unambiguous. It specifies the data source ('auth.users') and key identifier ('by their ID'), which helps distinguish it from generic user-fetching tools. However, it doesn't explicitly differentiate from sibling 'list_auth_users', which is a minor gap.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context by specifying 'by their ID', suggesting this tool is for fetching a single known user rather than listing multiple users. However, it doesn't explicitly state when to use this versus 'list_auth_users' or mention prerequisites like authentication requirements. The guidance is functional but lacks explicit alternatives or exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/HenkDz/selfhosted-supabase-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server