Security

OAuth flow

A multi-step authentication flow where the user grants the agent scoped access to a third-party service.

also known as: OAuth2 authorization

In depth

OAuth is how the user authorises an agent to act on their behalf in Slack, Notion, GitHub, Google, Discord. The user clicks a link, the third-party service shows a permission screen, the user approves, the runtime receives a token and stores it in the credential vault. A background loop refreshes tokens before they expire so agents do not break overnight.

Related concepts

Credential vaultAn encrypted store for API keys, tokens, and connection strings, referenced from YAML by name.Per-user scopeA credential resolution mode where each user brings their own key, resolved at session start.

Read the deep dive

How credentials work on Digitorn: an encrypted vault driven from YAML

Read article

Newsletter

Get the next post in your inbox.

Engineering notes from the Digitorn team. No marketing, no launch announcements, no "10 prompts that will change your life". Just the things we write that we'd want to read.

More in Security

Credential vault/glossary/credential-vault Envelope encryption/glossary/envelope-encryption KMS/glossary/kms Per-user scope/glossary/per-user-scope