OAuth Apps for SaaS

There is now an explicit OAuth Apps guide set. If your SaaS needs third-party integrations, agent tool auth, or protected MCP resources, treat OAuth apps as first-class product infrastructure. This section covers the full lifecycle:
  1. Create OAuth apps and clients.
  2. Configure scopes and consent behavior.
  3. Handle consent screens and approvals.
  4. Verify access tokens in your backend.
  5. Rotate secrets and manage active grants.

  1. Start with Console to define app, clients, and scopes.
  2. Automate app/client lifecycle through SDK OAuth operations.
  3. Use backend verification in your resource server (verifyOauthAccessTokenRequest in Node, verify_oauth_access_token_request in Rust).
  4. Add operational controls for secret rotation and grant revocation.

Read in this order

  1. Create OAuth Apps and Clients
  2. Implement OAuth Consent Flow
  3. Verify Tokens and Operate OAuth Clients

  1. Node SDK OAuth Apps API
  2. Rust SDK OAuth Apps Guide
  3. Node SDK Gateway Authz
  4. Frontend OAuth Consent API Reference
  5. Backend API Reference
  6. Protect MCP Servers with OAuth Apps