OAuth Integrations Guide

This guide explains how to set up OAuth authentication for your integrations in Superglue.

Overview

Superglue supports OAuth 2.0 authentication for integrations, allowing secure access to APIs without storing passwords. OAuth provides:
  • Secure token-based authentication
  • Automatic token refresh (when refresh tokens are available)
  • Granular permission scopes
  • Easy revocation of access

Setting Up OAuth

1. Create an OAuth App

First, create an OAuth application with your service provider:
  • GitHub: Settings → Developer settings → OAuth Apps
  • Google: Google Cloud Console → APIs & Services → Credentials
  • Slack: Your Apps → Create New App → OAuth & Permissions
  • HubSpot: App Dashboard → Create app
  • Stripe: Dashboard → Connect → Settings

2. Configure Redirect URI

When creating your OAuth app, you’ll need to specify a redirect/callback URI. Use: 
https://your-domain.com/api/auth/callback
Replace:
  • your-domain.com with your actual domain
For local development, use: 
http://localhost:3000/api/auth/callback

3. Create Integration in Superglue

  1. Go to the Integrations page
  2. Click “Add Integration”
  3. Fill in the OAuth credentials:
{
  "client_id": "your-oauth-client-id",
  "client_secret": "your-oauth-client-secret",
  "auth_url": "https://provider.com/oauth/authorize"
}
Note: The auth_url is optional for known providers (GitHub, Google, Slack, etc.) as it’s auto-detected.

4. Connect via OAuth

After saving the integration:
  1. The OAuth callback URL will be displayed
  2. Click “Connect with OAuth” to initiate the authentication flow
  3. Authorize the application on the provider’s page
  4. You’ll be redirected back to Superglue with tokens populated

OAuth Credential Fields

FieldDescriptionRequired
client_idOAuth application client IDYes
client_secretOAuth application client secretYes
auth_urlAuthorization endpoint URLNo (auto-detected for known providers)
access_tokenCurrent access tokenNo (populated after OAuth flow)
refresh_tokenToken for refreshing accessNo (populated if provided by provider)
token_typeToken type (usually “Bearer”)No (defaults to “Bearer”)
expires_atToken expiration timestampNo (populated if provided)

Supported Providers

Superglue has built-in support for these OAuth providers:
  • GitHub: auth_url: https://github.com/login/oauth/authorize
  • Google: auth_url: https://accounts.google.com/o/oauth2/v2/auth
  • Microsoft: auth_url: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  • Slack: auth_url: https://slack.com/oauth/v2/authorize
  • HubSpot: auth_url: https://app.hubspot.com/oauth/authorize
  • Stripe: auth_url: https://connect.stripe.com/oauth/authorize
For other providers, specify the auth_url manually.

Token Refresh

Superglue automatically handles token refresh when:
  1. The provider supplies a refresh_token
  2. The expires_at timestamp indicates the token is expired or expiring soon
  3. The integration has valid client_id and client_secret
Tokens are considered expired if they expire within the next 5 minutes.

Using OAuth in Workflows

When using an OAuth-enabled integration in workflows, the access token is automatically included in API requests. You don’t need to manually add authorization headers.

Troubleshooting

”OAuth client credentials not configured”

Ensure you’ve added both client_id and client_secret to your integration’s credentials.

”Token exchange failed”

  • Verify your OAuth app’s redirect URI matches exactly
  • Check that your client credentials are correct
  • Some providers require the app to be published/approved

Token expired

If tokens expire and refresh fails:
  1. Check if the provider supplied a refresh token
  2. Verify refresh token hasn’t been revoked
  3. Re-authenticate by clicking “Connect with OAuth” again

Security Best Practices

  1. Never share client secrets: Keep your client_secret confidential
  2. Use minimal scopes: Only request permissions your integration needs
  3. Rotate credentials: Periodically update client secrets
  4. Monitor access: Review OAuth app access logs on the provider’s dashboard
  5. Revoke unused tokens: Remove integrations you’re no longer using

Example: GitHub OAuth Setup

  1. Go to GitHub Settings → Developer settings → OAuth Apps → New OAuth App
  2. Fill in:
    • Application name: “Superglue Integration”
    • Homepage URL: Your Superglue instance URL
    • Authorization callback URL: https://your-domain.com/api/auth/callback
  3. Create the app and copy the Client ID and Client Secret
  4. In Superglue, create a new integration:
    • ID: github
    • URL Host: https://api.github.com
    • Credentials: 
      {
  "client_id": "your-github-client-id",
  "client_secret": "your-github-client-secret"
}
  5. Save and click “Connect with OAuth”
  6. Authorize the app on GitHub
  7. You’re ready to use GitHub APIs in your workflows!