Overview

Agent Auth is Scalekit’s authentication solution that enables your applications to securely connect to third-party services on behalf of your users. It handles the complexity of OAuth flows, token management, and multi-provider authentication for popular business applications like Gmail, Slack, Jira, and more.

What is Agent Auth?

Agent Auth simplifies third-party authentication by providing:

• Multi-provider OAuth: Support for OAuth 2.0 flows across all major providers
• Unified authentication API: Single interface for managing connections to any provider
• Automatic token management: Token refresh, storage, and lifecycle handling
• Flexible authentication modes: Use Scalekit-managed OAuth or bring your own credentials
• Secure token handling: Encrypted token storage and transmission

Key concepts

Providers

Providers are third-party applications that your users can authenticate with. Agent Auth supports OAuth 2.0 flows for popular platforms including Gmail, Slack, GitHub, Jira, and many more.

Connections

Connections define the authentication configuration for a specific provider. Each connection contains:

• Authentication credentials (OAuth client ID/secret, API keys)
• OAuth configuration (authorization URLs, token endpoints, scopes)
• Provider-specific settings (rate limits, API versions)

Connected accounts

Connected accounts represent the authenticated link between a user in your application and their account on a third-party provider. Each connected account maintains:

• Authentication state (active, expired, revoked)
• Access tokens and refresh tokens with automatic refresh handling
• Granted OAuth scopes and permissions
• Token expiration tracking and lifecycle management

Architecture overview

How authentication works

1. Configure provider connections

Set up OAuth credentials for each provider you want to support:

// Create a connection for Gmail with OAuth 2.0
const gmailConnection = await agentConnect.connections.create({
  provider: 'gmail',
  auth_type: 'oauth2',
  credentials: {
    client_id: 'your-gmail-client-id',
    client_secret: 'your-gmail-client-secret'
  },
  scopes: ['https://www.googleapis.com/auth/gmail.send']
});

2. Initiate OAuth flow for users

When users want to connect their accounts, create a connected account and redirect them to complete OAuth:

// Create a connected account for a user
const connectedAccount = await agentConnect.accounts.create({
  connection_id: gmailConnection.id,
  identifier: 'user_123',
  identifier_type: 'user_id'
});

// Generate OAuth authorization URL
const authUrl = await agentConnect.accounts.getAuthUrl(connectedAccount.id);
// Redirect user to authUrl to authenticate with the provider

3. Handle OAuth callback

After the user authorizes your application, the provider redirects back with an authorization code. Agent Auth automatically exchanges this code for access and refresh tokens:

// Agent Auth handles the OAuth callback and token exchange
// Tokens are securely stored and automatically refreshed when needed
const account = await agentConnect.accounts.get(connectedAccount.id);
// account.status will be 'active' once authentication is complete

Supported providers

Agent Auth supports OAuth authentication for a wide range of popular business applications:

Communication

• Gmail (Google Workspace)
• Outlook (Microsoft 365)
• Slack
• Microsoft Teams
• Discord

Productivity

• Google Calendar
• Microsoft Calendar
• Google Drive
• OneDrive
• Notion

Project Management

• Jira
• Asana
• Trello
• Monday.com
• Linear

Development

• GitHub
• GitLab
• Bitbucket
• Figma
• Vercel

Common authentication scenarios

Multi-provider authentication

Enable users to connect multiple third-party accounts in your application:

// Allow users to authenticate with both Gmail and Slack
const gmailAccount = await agentConnect.accounts.create({
  connection_id: gmailConnection.id,
  identifier: 'user_123',
  identifier_type: 'user_id'
});

const slackAccount = await agentConnect.accounts.create({
  connection_id: slackConnection.id,
  identifier: 'user_123',
  identifier_type: 'user_id'
});

// Generate OAuth URLs for each provider
const gmailAuthUrl = await agentConnect.accounts.getAuthUrl(gmailAccount.id);
const slackAuthUrl = await agentConnect.accounts.getAuthUrl(slackAccount.id);

Organization-level connections

Authenticate once for an entire organization:

// Create organization-level connection for shared access
const orgConnection = await agentConnect.accounts.create({
  connection_id: jiraConnection.id,
  identifier: 'org_456',
  identifier_type: 'org_id'
});

// All users in the organization can access this connection
const authUrl = await agentConnect.accounts.getAuthUrl(orgConnection.id);

Token lifecycle management

Agent Auth automatically handles token refresh and expiration:

// Retrieve connected account - tokens are automatically refreshed if expired
const account = await agentConnect.accounts.get(connectedAccount.id);

// Check authentication status
if (account.status === 'active') {
  // User is authenticated and tokens are valid
} else if (account.status === 'expired') {
  // Re-authentication required
  const reAuthUrl = await agentConnect.accounts.getAuthUrl(account.id);
}

Key benefits

Developer experience

• Unified authentication API: Single interface for OAuth across all providers
• Automatic token refresh: No manual token lifecycle management required
• Pre-built OAuth flows: Skip complex OAuth implementation for each provider
• Multi-language SDKs: Support for popular programming languages
• Standardized error handling: Consistent error responses across providers

Security and compliance

• OAuth 2.0 standard: Industry-standard authentication protocol
• Encrypted token storage: Secure storage and transmission of access tokens
• Automatic token rotation: Refresh tokens automatically to minimize exposure
• Audit logging: Complete audit trail of authentication events
• SOC 2 certified: Enterprise-grade security standards

Authentication options

Agent Auth supports multiple authentication approaches:

Scalekit-managed OAuth

Use Scalekit’s shared OAuth applications for quick setup:

• Fast setup: Get started in minutes without registering OAuth apps
• Shared credentials: Pre-configured OAuth credentials for all providers
• Zero configuration: No need to manage client IDs or secrets
• Perfect for: Development, testing, proof of concepts

Bring Your Own OAuth (BYOO)

Use your own OAuth applications for complete control:

• Custom branding: Users see your application name and logo during OAuth
• Higher rate limits: Dedicated quotas for your OAuth application
• Direct relationships: Establish direct OAuth connections with providers
• Enhanced control: Full control over OAuth scopes and permissions
• Perfect for: Production applications, enterprise customers

Getting started

Ready to start using Agent Auth? Here’s what you need to do:

Quickstart Guide

Authentication Flows

Providers

Token Management

Support and resources

Documentation

• Authentication guides: Step-by-step OAuth integration guides
• API reference: Complete authentication API documentation
• SDK documentation: Language-specific authentication examples
• Best practices: Security and token management guidelines

Community and support

• Developer community: Join other developers using Agent Auth
• Support portal: Get help with authentication issues
• Professional services: Expert assistance for complex OAuth integrations

Note

Ready to get started? Check out our Quickstart Guide to implement your first OAuth integration with Agent Auth in minutes.

Agent Auth simplifies third-party authentication so you can focus on building features instead of managing OAuth flows. Start building today and provide seamless authentication experiences for your users.