OAuth via different website

Can OAuth flow described in the documentation be used with 3rd party website instead of the plugin’s website? So the domain for client_url and authorization_url specified in manifest will differ to plugin’s domain.

Use case: I’m building a plugin for spotify and need a user to authorize my spotify app to get access token before my plugin can create and manage playlist.

1 Like

Nevermind, I answered my own question. It works great!


Could you please provide some detail about how you got it working? I’m doing something similar with a different 3rd party api, but struggling to get it working

@rs sure, can you give more details about what you tried and what didn’t work?

Generally, the flow would look something like this.

If your 3rd party service has an API and supports OAuth, it would have a way to create an app. For example, for spotify you can do it here. After an app is created you will get client_id and client_secret. Then in your ai-plugin.json you have to fill in auth section correctly and provide URLs for client_url and authorization_url. Those URLs would be specific for your 3rd party service and you can find them by reading their API docs. The client_url is where the user is redirected to give permissions to your app and authorization_url is what OpenAI will call to obtain an access token.

When you first set up your plugin (click “develop my plugin” in plugin store) with ai-plugin.json set up as mentioned above, it will ask you for client_id and client_secret. Put there values you obtained when you created your 3rd party app.

That’s briefly the flow. Let me know which part you are struggling with.