
OAuth for AI agents: how agents sign in to your apps
OAuth lets an AI agent act on your apps without ever seeing your password. How the flow works, what scopes mean, and who should hold the token.
OAuth is the "Sign in with Google"-style flow that lets an AI agent act on your apps without ever handling your password: you approve access once in your browser, the app issues a limited token, and the agent's integration uses that token for every action. You can revoke it at any time from the app's own security settings.
Why agents shouldn't use your password
A password grants everything, forever, and can't be scoped or revoked without changing it everywhere. A token from OAuth is the opposite: limited to specific permissions, tied to one integration, refreshable, and revocable in one click. Any agent setup that asks you to paste your actual password into a config file is a red flag.
How the OAuth flow works for an agent
You click connect, the app (Google, Notion, Slack…) shows its own consent screen listing what's being requested, and on approval it sends a token back to the integration — not to the model. From then on, every tool call the agent makes is authenticated with that token, and the integration silently refreshes it when it expires. The model itself never sees a credential.
Scopes: what the agent is allowed to do
Scopes are the permissions on the token — "read email" and "send email" are separate scopes in Gmail, for example. An agent can only call actions its token's scopes allow; anything else fails at the provider, no matter what the agent tries. This is also why a tool occasionally fails even though the connection is healthy — the account or plan simply doesn't include that permission.
Who holds the token
If you wire up an integration yourself, the token usually ends up in a local config file — workable, but you own its storage, refresh logic, and revocation story. A hosted app connector holds tokens server-side, encrypted, so the agent's machine never stores app credentials at all.
That's ClawLink's model: hosted OAuth for every app that supports it, encrypted credential storage, and disconnect-anytime from the dashboard. Details on the security page. For apps that only offer API keys, the hosted setup walks you through those too — see is it safe to connect Gmail to an AI agent? for the trust checklist.