Control Center

How it works

PortAuthorityPass (PAP) is a centralized auth gateway. Any app you own can delegate its login flow to PAP. Once a user is authenticated here, PAP redirects them back to your app. Your app then uses the Supabase session to verify who the user is.

Step 1 — Register your app (Admin only)

Go to Admin → Apps → + Add App. Fill in:

• Name — display name shown in the portal
• Slug — a unique lowercase ID, e.g. my-tool
• Entry URL — the base URL of your app, e.g. https://mytool.plabs.cloud
• Icon — optional emoji shown next to the app name

Once saved, the app appears in the platform and users with membership can access it.

Step 2 — Add your Supabase client

In your app, install @supabase/supabase-js and initialise it with the same project URL and anon key as PAP:

import { createClient } from '@supabase/supabase-js';

const supabase = createClient(
  'https://api.plabs.cloud',  // PAP Supabase URL
  'YOUR_ANON_KEY'              // from supabase/config.toml → anon key
);

Because both PAP and your app share the same Supabase project, the user's session cookie/token is valid in both places.

Step 3 — Redirect to PAP for login

Instead of a login form, send users to PAP with a return_to parameter:

// In your app — detect unauthenticated user, then:
window.location.href =
  'https://auth.plabs.cloud/?return_to=' +
  encodeURIComponent(window.location.href);

Step 4 — Read the user in your app

After PAP redirects back, call getSession() to confirm the user:

const { data: { session } } = await supabase.auth.getSession();
if (!session) {
  // Not authenticated — redirect to PAP
} else {
  const user = session.user;
  console.log('Logged in as', user.email);
}

Supabase credentials

Find these in supabase/config.toml or by running npx supabase status:

• API URL: —
• Anon Key: —