- Authorization code flow with PKCE support
- Pluggable identity providers (Synthetiq, Google, GitHub, any OIDC provider)
- OAuth client management via the built-in admin UI
- Token refresh and revocation
/settings/oauth-apps. Admins manage all OAuth clients at /admin/oauth-clients.
After creating an OAuth application, the user receives a client ID and client secret. These credentials are used to configure the OAuth flow in whatever third-party tool or service is consuming the app’s HTTP API or MCP server.
For more detail on creating and managing OAuth connections in a deployed app, see OAuth connections.