Clients are authenticated on PowerSync by using JWTs (signed tokens).

Users are not persisted in PowerSync, and there is no server-to-server communication used for client authentication.

Some authentication providers already generate JWTs for users which PowerSync can verify directly —see the documentation for individual providers (e.g. Supabase Auth, Firebase Auth)

For others, some backend code must be added to generate JWTs for PowerSync — see Custom auth.

For a quick way to get up and running, you can generate Development Tokens directly from the PowerSync dashboard.