Hosted OAuth/App connector should support authorizing multiple organizations #304

@BobbyWang0120

Summary

The OpenAI Supabase App connector currently appears to authorize access to only one Supabase organization at a time. This is painful for users who have projects split across multiple Supabase organizations under the same Supabase account.

I realize the OpenAI Supabase App connector itself may not be open source in this repo. I am filing this here because the issue appears to be in the hosted Supabase OAuth / organization grant flow that is also relevant to hosted MCP-style connections. If this belongs somewhere else internally, please route it to the right team.

What happens

  1. In OpenAI Codex / ChatGPT plugin settings, connect the Supabase App.
  2. A browser page opens to grant Supabase access.
  3. The Supabase account has multiple organizations.
  4. The organization dropdown shows multiple organizations.
  5. The consent flow allows selecting only one organization.
  6. After linking, the OpenAI Supabase App can only see projects from that selected organization.
  7. Reconnecting the app still requires choosing only one organization, so there is no way to grant access to all organizations for the same Supabase account.

Expected behavior

There should be a way to authorize access to multiple organizations, ideally one of:

  • an "all organizations" option,
  • multi-select organization authorization,
  • repeated app links for multiple organizations,
  • or clear documented guidance/workaround for users with projects across organizations.

The Supabase CLI already works in the expected account-wide way: a logged-in/PAT-authenticated CLI can list multiple organizations and projects under the same user account.

Why this looks like an OAuth/grant limitation

From the open-source MCP server code, the account tools appear capable of returning multiple organizations/projects when the bearer token has access:

  • list_organizations calls the Management API /v1/organizations endpoint.
  • list_projects calls the Management API /v1/projects endpoint.
  • Account tools are enabled when the server is not project-scoped.

The CLI similarly calls the Management API's list-all-organizations/list-all-projects endpoints using the user's saved access token, and that can see multiple organizations.

So the issue does not look like the MCP tool implementation cannot handle multiple orgs. It looks like the hosted OAuth/app authorization flow issues a token/grant scoped to exactly one selected organization.

Impact

Users with normal multi-org setups cannot use the OpenAI Supabase App connector across all of their Supabase projects. They must reconnect to switch orgs, use separate PAT-based local MCP configuration, or fall back to the Supabase CLI.

Related but not the same

There is an existing issue about multiple projects and MCP setup: #233. This issue is specifically about multiple organizations in the hosted OAuth/App authorization flow, where the browser consent UI only allows choosing one organization even though the account has more than one.
