How to get Apps SDK auth token for authenticated calls to a backend?

In the new Apps SDK, ChatGPT acts as an OAuth 2.1 client, and gets an access token from the OAuth 2.1 provider that allows it to make authenticated calls to the MCP server on behalf of the user.

Within an Apps SDK widget, is there any way to get the value of this OAuth token? I’d like to use it to authenticate to my backend too for plain old non-MCP API calls!

We can make authenticated requests to the MCP server as well with the window.openai tool, but this is slow, and we don’t necessarily want to expose all API functionality as MCP tools. In the Apps SDK docs, it’s suggested that we can use a backend API to do persistence etc., but how are we supposed to tell the backend who we are and maintain the same identity as the MCP calls?

+1 I need this functionality too. Unless apps are intended to be read-only, they need the user’s access token to make client-side calls.

We tried returning the access token with the MCP schema so the client can pull it out of toolResponseMetadata and this does work (yay!) but only until the token expires (boo!). Then the UI is effectively bricked because it has a stale token woven into its state.

Only other route I can think of is to add an “echo” tool to your MCP server that responds with the token sent to it and use callTool to retrieve it client-side. Keeping ChatGPT from calling this tool in the normal course of conversation should be possible. This is obviously on the far side of the hacky/elegant spectrum.
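
Added example, not part of either post and not Apps SDK code: one way to avoid the stale-token failure described above is to keep the token out of widget state and fetch it through an expiry-aware source. `createTokenSource`, `authedFetch` and `fetchToken` are hypothetical names; `fetchToken` stands in for whatever call retrieves the token (for instance the echo-tool approach from the reply) and is assumed to return `{ token, expiresAt }` with `expiresAt` in epoch milliseconds.

```javascript
// Hypothetical helper: caches the access token in memory only and refreshes
// it before it expires, so UI state never holds a stale copy.
function createTokenSource(fetchToken, { skewMs = 30000, now = Date.now } = {}) {
  let cached = null;   // { token, expiresAt }, never persisted or put in widget state
  let inflight = null; // shared promise so concurrent callers trigger one refresh

  async function get(forceRefresh = false) {
    // Treat the token as expired skewMs early to absorb clock drift and latency.
    if (!forceRefresh && cached && cached.expiresAt - skewMs > now()) {
      return cached.token;
    }
    if (!inflight) {
      inflight = Promise.resolve(fetchToken())
        .then((t) => { cached = t; return t.token; })
        .finally(() => { inflight = null; });
    }
    return inflight;
  }

  return { get, clear: () => { cached = null; } };
}

// Hypothetical helper: sends one backend request with the current token and
// retries exactly once with a fresh token if the backend answers 401.
// doFetch has the shape of fetch(url, init) and is injected for testability.
async function authedFetch(source, doFetch, url, init = {}) {
  const send = async (forceRefresh) => {
    const token = await source.get(forceRefresh);
    const headers = { ...(init.headers || {}), Authorization: `Bearer ${token}` };
    return doFetch(url, { ...init, headers });
  };
  let res = await send(false);
  if (res.status === 401) {
    res = await send(true); // token expired early or was revoked: refresh once
  }
  return res;
}
```

The backend still has to validate the bearer token the same way the MCP server does for the two paths to share one identity.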