Creating oAuth Login Flow - Help Needed

After hours spent reading the docs and trying to code oAuth into my plugins, I’m probably even more confused than when I started - can you help?

  1. I add my domain under “Develop your own plugin”.
  2. Validated manifest.
  3. Prompted to add Client ID and Client secret - I add dummy integer strings “1” and “1234”.
  4. I add the “validation token” OpenAI generates to my manifest file and save.
  5. I click “Verify Tokens” button … Ready to install >>“Install for me” button".
  6. Prompted to login via oAuth
  7. I am redirected to my apps login URL - This is the same on as client_url in my manifest.
  8. A non-successful login to the database makes me login in again. A successful login to the database redirects me to that then redirects to
  9. OpenAi sends a post request to my authorization_urlauthorization_url with a JSON {“grant_type”: “authorization_code”, “client_id”: “1”, “client_secret”: “1234”, “code”: “undefined”, “redirect_uri”: “”}

How does #9 interact with the access token and refresh tokens I generate?
How do I stop a user from accessing the plugin once they are no longer in my database?
Does the user need to put in the Client ID and Client secret when they install the plugin also?

1 Like

Doe no reply confirm the docs are woeful and everyone else is equally as stumped or do people not want to share solutions?

You need to store the tokens somewhere and access them. From my understanding, the whole point is to create a middleman between your service and your user’s private data. You have to be able to generate and store a secure token that is associated with the user’s public login info, so that through the OAuth process, their private info and private keys can be used to access services, while still staying protected.

That being said, I’m new at all this, so I still have trouble getting it all to work at this point.

Oauth is Oauth… I wish there was a smoother thing to use, but it is lots of different standards all under one name and is usually a complex task that needs to be worked through.

1 Like

Is why we decided to use

Takes care of all the oauth headaches for us, plus does so much more to make plugin development easier.

Our experience with their service and support has been wonderful!

1 Like

Are you concerned at all with having your plugin tied to their platform? If anything happens or you want to move off platform, wouldn’t you need to resubmit to the plugin store?

1 Like

I wanted to say that I ALSO switched to The founder personally walked me through all my concerns, onboarding, and other setup. The experience has been great so far, and if you’re looking for a growing community, the other developers on the platform assist each other and are going to be doing some exciting things coming up!

1 Like