Custom OAuth

The built-in connectors cover GitHub, Linear, and Slack, but plenty of services aren't on that list. Custom OAuth lets you connect any service that supports OAuth 2.0. You supply the provider's details and your own credentials, and the connection then works the same way as a preset.

Reach for custom OAuth when the service you want isn't one of the built-in presets. If it is a preset, use that instead, since the preset hides the provider's credentials and saves you the setup. Use custom OAuth for everything else that signs users in with OAuth 2.0.

  1. Open the Integration menu: In the Agent Chat, click in the composer, click Integration, and select Other OAuth Provider.
  2. Register Glaze with the provider: In the provider's developer settings, create an OAuth application and add Glaze's redirect URL so the provider can hand the connection back. This is where you get the client ID the app will use.
    https://www.glaze.app/api/oauth/callback
    
  3. Supply the provider details: Describe what the service requires, typically its authorization URL, token URL, your client ID, and the scopes the app needs. Some providers also require a client secret. The agent wires these into the app's OAuth service for you.
  4. Authorize in your browser: When you run the app and sign in, Glaze opens the provider's sign-in page in your browser. Approve the request, and the provider sends you back to finish the connection.

A custom connection needs the same pieces every OAuth provider defines. You'll usually find these in the provider's API or developer documentation:

  • Authorization URL: where the browser sends you to approve access.
  • Token URL: where the access token is exchanged after you approve.
  • Client ID: the identifier for your registered OAuth application.
  • Scopes: the specific kinds of access the app is requesting.
  • Client secret: only if the provider requires one.

A desktop app can't keep a client secret truly private. Prefer providers that support public clients with PKCE, the standard way for desktop apps to connect without a secret. Only add a secret when the provider requires it, and treat it as something that can be recovered from the app rather than as confidential.
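The PKCE exchange a public client performs, as an added example that is not Glaze's own code: it derives the S256 challenge, builds the authorization request, checks the callback's `state`, and forms a token request with no client secret. The function names, the provider URL, the client ID and the scope are constructed placeholders; only the redirect URL comes from this page.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

REDIRECT_URI = "https://www.glaze.app/api/oauth/callback"  # redirect URL given on this page

def make_verifier() -> str:
    # 32 random bytes -> 43 URL-safe characters (RFC 7636 allows 43 to 128).
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()

def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(code_verifier)), padding stripped.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def authorization_url(auth_url, client_id, scopes, verifier, state) -> str:
    # Only the challenge leaves the machine here; the verifier stays local.
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": REDIRECT_URI, "scope": " ".join(scopes),
              "state": state, "code_challenge": s256_challenge(verifier),
              "code_challenge_method": "S256"}
    return f"{auth_url}?{urlencode(params)}"

def code_from_callback(callback_url: str, expected_state: str) -> str:
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    returned = query.get("state", [""])[0]
    # Constant-time compare; a mismatch means the callback is not ours.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code

def token_request_body(client_id: str, code: str, verifier: str) -> dict:
    # Public client: the verifier proves this app started the flow, so no
    # client_secret is sent.
    return {"grant_type": "authorization_code", "client_id": client_id,
            "code": code, "redirect_uri": REDIRECT_URI, "code_verifier": verifier}

if __name__ == "__main__":
    # Constructed placeholders: provider URL, client ID and scope are not real.
    verifier, state = make_verifier(), secrets.token_urlsafe(16)
    print(authorization_url("https://provider.example/oauth/authorize",
                            "example-client-id", ["profile:read"], verifier, state))
    callback = f"{REDIRECT_URI}?code=constructed-code&state={state}"
    print(token_request_body("example-client-id",
                             code_from_callback(callback, state), verifier))
```

A provider that accepts the token request only when `code_verifier` hashes to the challenge it saw earlier is enforcing PKCE; one that also demands `client_secret` is not treating the app as a public client.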

Scopes decide what the connected app can touch, so request only what a feature needs. The provider's docs list the scopes it supports and what each one allows.

To confirm a custom connection works, ask the agent to build a simple read, like showing your profile or a small list, then run the app and sign in. The running app is what holds the OAuth access, not the agent, so the check happens in the app.

A quick read tells you everything is wired up before you build a larger feature on top of it. If authorization opens but doesn't complete, check the client ID, the redirect URL, and whether the provider requires PKCE or a client secret.

Once your provider is connected, build with it the way you would any integration. See Writing Effective Prompts to describe the feature, and Managing Connections to re-authorize or revoke access later. Your access token is stored encrypted on your Mac, protected by the Keychain, never in plain text. Also see Glaze Privacy & Data for more information.