OAuth 2.0 improvements
Smarter, Safer Logins with OAuth 2.0
We’ve rolled out a major security upgrade: a full OAuth 2.0 implementation that meets the latest enterprise standards. This change brings smarter login flows, better developer tooling, and stronger protections for your data — all built with flexibility and compliance in mind.
Why We Made This Change
Security is never one-size-fits-all — especially as more teams, services, and integrations join the platform. We needed an authentication system that could:
- Handle large-scale use securely
- Let developers register apps programmatically (no tickets!)
- Meet the high bar of enterprise compliance and auditability
OAuth 2.0 gives us all that and more.
What’s New
Dynamic App Registration
You can now register OAuth clients (apps) dynamically using a simple API — no manual setup needed. This was required to expose our API for emerging AI tools.
- Register, update, or delete clients programmatically
- Secrets expire and rotate automatically
- Full metadata support and error feedback that follows the official spec
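How a client application might consume a registration response and decide when its secret is due for rotation, as an added example that is not the platform's own code. Field names and error codes come from RFC 7591/7592; the page does not document the platform's endpoint or response body, so the sample response, URL, one-day margin, and the local labels `unrecognized_error` and `invalid_response` are assumptions.

```python
import json
import time
from dataclasses import dataclass

# Error codes defined by RFC 7591 for failed registrations.
RFC7591_ERRORS = {"invalid_redirect_uri", "invalid_client_metadata",
                  "invalid_software_statement", "unapproved_software_statement"}

class RegistrationError(Exception):
    def __init__(self, code, description=""):
        super().__init__(f"{code}: {description}")
        self.code = code

@dataclass
class ClientCredential:
    client_id: str
    client_secret: str
    secret_expires_at: int  # Unix seconds; 0 means the secret never expires
    management_uri: str     # RFC 7592 registration_client_uri
    management_token: str   # RFC 7592 registration_access_token

def parse_registration_response(status, body):
    """Turn an RFC 7591 registration response into a credential or an error."""
    doc = json.loads(body)
    if status != 201:  # RFC 7591 success is 201 Created
        code = doc.get("error", "")
        if code not in RFC7591_ERRORS:
            code = "unrecognized_error"  # hypothetical local label
        raise RegistrationError(code, doc.get("error_description", ""))
    # client_secret_expires_at is REQUIRED whenever a secret is issued.
    if "client_secret" in doc and "client_secret_expires_at" not in doc:
        raise RegistrationError("invalid_response", "secret without expiry")  # local label
    return ClientCredential(
        client_id=doc["client_id"],
        client_secret=doc.get("client_secret", ""),
        secret_expires_at=int(doc.get("client_secret_expires_at", 0)),
        management_uri=doc.get("registration_client_uri", ""),
        management_token=doc.get("registration_access_token", ""))

def needs_rotation(cred, now=None, margin=86400):
    """True when the secret expires within `margin` seconds or already has."""
    if cred.secret_expires_at == 0:
        return False
    now = time.time() if now is None else now
    return cred.secret_expires_at - now <= margin

# Constructed sample response; every value is a placeholder.
SAMPLE_OK = json.dumps({"client_id": "example-client", "client_secret": "placeholder",
    "client_secret_expires_at": 1700000000, "registration_access_token": "placeholder",
    "registration_client_uri": "https://auth.example.test/register/example-client"})
```

Keep `management_token` stored with the same care as the client secret, since under RFC 7592 it authorizes updating or deleting the registration.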
Stronger Security Built In
- Rate limiting & logging: Built-in safeguards and full audit trails
- JWTs: Secure, signed access tokens
- Scopes: Fine-grained permission control
- JWKS endpoint: Lets external services validate tokens easily
Easier MCP Integration
Our Model Context Protocol (MCP) platform now supports OAuth 2.0 out of the box.
- Use bearer tokens to access MCP tools
- Laravel session support for smooth onboarding
Real-World Benefits
If You’re a Developer:
- Automate app registration and token handling
- Use familiar OAuth 2.0 standards across tools
- Skip boilerplate — just register and go
If You’re an Enterprise Customer:
- Comply with RFC 7591/7592 standards
- Track all OAuth operations via audit logs
- Easily integrate your apps with our platform
If You’re a System Admin:
- Centralize configuration and security settings
- Monitor token usage, audit logs, and rate limits
- Tune your OAuth setup for each environment