OAuth Configuration
Configure OAuth authentication for MCP servers that require user authorization.
OAuth Overview
OAuth allows users to authorize your chatbot to access their data in external services without sharing passwords.
Authentication Types
| Type | Description | Use Case |
|---|---|---|
| User OAuth | Each user authorizes | Personal data access |
| Centralized | Admin authorizes once | Shared data access |
| API Key | Single key | Simple integrations |
User OAuth Flow
- User interacts with chatbot
- Chatbot needs external data
- User is prompted to authorize
- User logs into external service
- Access is granted
- Chatbot can access data
Setting Up User OAuth
- Go to "Settings" > "Integrations"
- Select the integration
- Choose "User OAuth"
- Configure OAuth settings:
  - Client ID
  - Client Secret
  - Scopes
- Click "Save"
OAuth Credentials
You'll need the following from the service provider:
| Field | Description |
|---|---|
| Client ID | Your app identifier |
| Client Secret | Your app secret |
| Redirect URI | WizChat callback URL |
| Scopes | Permissions requested |
Getting OAuth Credentials
Salesforce:
- Create a Connected App in Salesforce Setup
- Enable OAuth settings
- Copy the Client ID and Client Secret
Atlassian:
- Create an app in Atlassian Developer Console
- Configure OAuth 2.0
- Copy credentials
Google:
- Create a project in Google Cloud Console
- Enable required APIs
- Create OAuth credentials
Centralized Credentials
For shared access where all users see the same data:
- Go to "Settings" > "Integrations"
- Select the integration
- Choose "Centralized"
- Click "Connect"
- Authorize with admin account
- All chatbot users share this access
When to Use Centralized
- Accessing shared company data
- When users don't have individual accounts
- For read-only data access
Security Considerations
- The admin's credentials give access to all data
- Users see whatever data the admin account can access
- Use read-only scopes when possible
Managing OAuth Tokens
View Connected Accounts
- Go to "Settings" > "Integrations"
- Click on the integration
- View connected accounts
Revoke Access
- Find the connected account
- Click "Revoke"
- Confirm revocation
Token Refresh
Tokens are automatically refreshed when:
- Token expires
- New request is made
- Background refresh runs
User Experience
Authorization Prompt
Users see an authorization prompt when:
- First using an OAuth-protected feature
- Token has expired and can't refresh
- Permissions change
Handling Denied Access
If a user denies authorization:
- Chatbot gracefully handles the denial
- Alternative responses are provided
- User can authorize later
Troubleshooting
Authorization Failed
- Verify OAuth credentials
- Check redirect URI configuration
- Ensure required scopes are correct
Token Expired
- The token should refresh automatically
- If it does not, the user may need to re-authorize
- Check token lifetime settings
Scope Issues
- Verify scopes match provider settings
- Some providers require exact scope strings
- Additional scopes may need approval
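The redirect URI and scope checks under Troubleshooting, together with the read-only advice for centralized credentials, can be run as a pre-flight check before saving an integration. The following is an added example, not WizChat code: the function name, its parameters and the sample values are hypothetical, and it assumes the provider compares redirect URIs and scope strings as exact strings.

```python
from urllib.parse import urlsplit


def check_oauth_config(redirect_uri, scopes, registered_uris, registered_scopes,
                       mode="user", read_only_scopes=frozenset()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # Assumption: the provider compares redirect URIs as exact strings,
    # so any difference fails. Name the most likely cause of the mismatch.
    if redirect_uri not in registered_uris:
        cause = "not registered with the provider"
        want = urlsplit(redirect_uri)
        for reg in registered_uris:
            have = urlsplit(reg)
            same_target = (want.netloc, want.path) == (have.netloc, have.path)
            if redirect_uri.rstrip("/") == reg.rstrip("/"):
                cause = f"trailing slash differs from {reg}"
            elif redirect_uri.lower() == reg.lower():
                cause = f"letter case differs from {reg}"
            elif same_target and want.scheme != have.scheme:
                cause = f"scheme differs from {reg}"
        findings.append(f"redirect_uri: {cause}")
    if urlsplit(redirect_uri).scheme != "https":
        findings.append("redirect_uri: not https")

    # Scope strings are matched exactly; a case-only near miss gets a hint.
    folded = {s.lower(): s for s in registered_scopes}
    for scope in scopes:
        if scope not in registered_scopes:
            near = folded.get(scope.lower())
            hint = f" (did you mean {near!r}?)" if near else ""
            findings.append(f"scope {scope!r}: not enabled at the provider{hint}")
        elif mode == "centralized" and scope not in read_only_scopes:
            # One admin grant is shared by every chatbot user.
            findings.append(f"scope {scope!r}: not read-only in centralized mode")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real provider or product.
    for finding in check_oauth_config(
        redirect_uri="https://chat.example.com/oauth/callback",
        scopes=["Records.Read", "records.write"],
        registered_uris=["https://chat.example.com/oauth/callback/"],
        registered_scopes=["records.read", "records.write"],
        mode="centralized",
        read_only_scopes={"records.read"},
    ):
        print(finding)
```

Which scopes count as read-only differs per provider, so the `read_only_scopes` set has to be filled in from the provider's own scope documentation.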