Direct OAuth
Connect sources using browser OAuth flow with URL-based connections or BYOC (Bring Your Own Credentials).
Connect sources using browser OAuth flow with URL-based connections or BYOC (Bring Your Own Credentials).
Direct OAuth allows you to create source connections using the standard OAuth 2.0 browser flow. This method provides a seamless user experience where users authenticate directly through their service provider’s consent screen, without needing to manage tokens manually.
Airweave supports two main approaches for Direct OAuth:
Direct OAuth is supported by most Airweave connectors. Some connectors require you to provide your own OAuth application credentials (BYOC), while others can use Airweave’s hosted OAuth flow.
Connectors requiring BYOC:
Connectors using Direct Authentication only:
Most connectors also support authentication through external providers like Composio and Pipedream.
The URL-based OAuth flow is the simplest way to connect sources. Users are redirected to Airweave’s hosted OAuth flow, which handles the entire authentication process.
claim_token that you must store for the verification step.POST /source-connections/{id}/verify-oauth with the claim_token to prove your client initiated the flow. This triggers data synchronization.When using URL-based OAuth, you’ll receive an authorization URL that you need to redirect users to. After they complete the OAuth flow, they’ll be redirected back to your specified callback URL with the necessary parameters.
Important: OAuth browser flows (both standard and BYOC) cannot use sync_immediately=true. After the user completes the OAuth consent screen, you must call the verify-oauth endpoint with the claim_token from the create response to trigger data synchronization. Setting sync_immediately=true will result in a validation error.
After the OAuth callback completes and the user is redirected back to your application, call the verify-oauth endpoint with the claim_token received during connection creation. This proves your client initiated the flow and triggers the data sync.
The redirect_uri is the URL where the user is sent after granting consent with the provider. It must exactly match an allowed redirect/callback URL configured for the OAuth app. Use it when you want users to return to your application after authentication (typical for hosted OAuth). For BYOC, configure the provider to allow Airweave’s callback (https://api.airweave.ai/oauth/callback) and optionally set redirect_uri so Airweave can forward the user back to your app after the token exchange.
BYOC allows you to use your own OAuth application credentials instead of Airweave’s hosted OAuth flow. This gives you more control over the authentication process and branding.
To use BYOC, you’ll need to:
BYOC (Bring Your Own Credentials) is automatically detected when you provide both client_id and client_secret in the OAuthBrowserAuthentication object. If you provide only one of these fields, the API will return a validation error.
BYOC Detection Logic:
client_id AND client_secret provided → BYOC modeclient_id nor client_secret provided → Standard OAuth browser flowclient_id OR only client_secret provided → Validation errorWhen setting up your OAuth application for BYOC, you’ll need to add Airweave’s callback URL as an allowed redirect URI:
Each connector requires specific OAuth scopes to function properly. Check the individual connector documentation for the required scopes.
https://api.airweave.ai/oauth/callbackIf you encounter issues not covered in this documentation, please reach out to us at hello@airweave.ai or check our API Reference for more detailed information about the OAuth endpoints.