INTEGRATION6 min read
OAuth Integration
Setting up OAuth 2.0 for Claude, n8n, and other integrations
Overview
Conexor supports OAuth 2.0 for authenticating third-party applications. This allows services like Claude, n8n, or custom applications to access your MCP endpoints securely.
Supported Flows
Client Credentials
Server-to-server authentication. Best for automated systems.
bash
curl -X POST https://app.conexor.io/api/oauth/token -d "grant_type=client_credentials" -d "client_id=client_xxxxx" -d "client_secret=secret_xxxxx" -d "scope=mcp:tools:read mcp:tools:execute"
Authorization Code + PKCE
User-facing applications. Requires user consent. Best for Claude Desktop.
text
# Step 1: Generate PKCE code verifier & challenge code_verifier=$(openssl rand -base64 32 | tr -d '=/+') code_challenge=$(echo -n $code_verifier | openssl dgst -sha256 -binary | base64 | tr -d '=/+' | tr '+/' '-_') # Step 2: Direct user to consent page https://app.conexor.io/oauth/consent? client_id=client_xxxxx &response_type=code &scope=mcp:tools:read,mcp:tools:execute &redirect_uri=http://localhost:3000/callback &code_challenge=$code_challenge &code_challenge_method=S256 &state=random_state_value # Step 3: Exchange authorization code for token curl -X POST https://app.conexor.io/api/oauth/token \ -d "grant_type=authorization_code" \ -d "code=AUTH_CODE_FROM_CALLBACK" \ -d "code_verifier=$code_verifier" \ -d "client_id=client_xxxxx" \ -d "redirect_uri=http://localhost:3000/callback"
Creating an OAuth Client
- Go to Dashboard → Servers → Select your MCP server
- Scroll to OAuth Clients section
- Click "Create OAuth Client"
- Enter a name and select scopes
- Save the client_id and client_secret
NOTEThe client_secret is only shown once. Store it securely.
Available Scopes
| Scope | Description |
|---|---|
| mcp:tools:read | List available tools |
| mcp:tools:execute | Execute tools (query data) |
| mcp:resources:read | Read resources (skills) |
| mcp:server:read | Read server info |
| mcp:server:manage | Update server settings and configuration |
Using with Claude Desktop
Claude Desktop supports OAuth for MCP servers. Configure your claude_desktop_config.json:
json
{
"mcpServers": {
"conexor-sales": {
"url": "https://app.conexor.io/mcp/acme/sales-api",
"oauth": {
"clientId": "client_xxxxx",
"clientSecret": "secret_xxxxx",
"scopes": ["mcp:tools:read", "mcp:tools:execute"]
}
}
}
}Endpoints Reference
| Endpoint | URL | Description |
|---|---|---|
| Authorize | GET /oauth/consent | User consent page (redirect user here) |
| Token | POST /api/oauth/token | Exchange code or credentials for access token |
| Revoke | POST /api/oauth/revoke | Revoke an access or refresh token |
Token Endpoint
text
POST /api/oauth/token
Content-Type: application/x-www-form-urlencoded
# Client Credentials
grant_type=client_credentials&client_id=xxx&client_secret=xxx&scope=xxx
# Authorization Code
grant_type=authorization_code&code=xxx&code_verifier=xxx&client_id=xxx&redirect_uri=xxx
# Response
{
"access_token": "eyJhbGciOiJIUzI1NiIs...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "mcp:tools:read mcp:tools:execute"
}