Skip to main content

OAuth Connections

Lucid uses OAuth to connect AI agents to third-party services securely. When an agent needs to call a tool (e.g., post to Slack, create a GitHub issue), MCPGate resolves credentials through the configured OAuth connection.

Supported Providers

ProviderScopes Available
GitHubrepos, issues, pull requests, actions
GitLabprojects, merge requests, pipelines
GoogleDrive, Docs, Sheets, Calendar, Gmail
Slackchannels, messages, files, reactions
Discordguilds, channels, messages
Notionpages, databases, blocks
HuggingFacemodels, datasets, spaces
Twitter/Xtweets, timelines, DMs
Linearissues, projects, teams
Jiraissues, projects, sprints

Connect a Provider

From the Dashboard

  1. Go to Dashboard → Settings → Connections
  2. Click Add Connection
  3. Select the provider
  4. Authorize access in the OAuth popup
  5. The connection appears as “Active”

Via API

// Initiate OAuth flow
const connection = await lucid.oauth.connect({
  provider: "github",
  scopes: ["repo", "read:org"],
  redirectUrl: "https://your-app.com/callback",
});

// Redirect user to connection.authUrl
window.location.href = connection.authUrl;

Handle Callback

// In your callback handler:
app.get("/callback", async (req, res) => {
  const { code, state } = req.query;

  await lucid.oauth.callback({
    provider: "github",
    code: code as string,
    state: state as string,
  });

  res.redirect("/settings/connections");
});

List Connections

const connections = await lucid.oauth.list();
connections.forEach(c => {
  console.log(`${c.provider}: ${c.status}`);
  console.log(`  Scopes: ${c.scopes.join(", ")}`);
  console.log(`  Expires: ${c.expiresAt || "never"}`);
});

Token Refresh

OAuth tokens are refreshed automatically when they expire. If a refresh fails, the connection status changes to expired and you’ll need to re-authorize.

Revoke a Connection

await lucid.oauth.revoke("github");

Self-Hosted Alternative

If you’re self-hosting MCPGate without OAuth, use the CredentialAdapter system instead:
  • EnvVarAdapter — Set tokens as environment variables (simplest)
  • DatabaseAdapter — Store encrypted tokens in Postgres
See MCPGate Concepts for details on credential adapters.