Documentation

OAuth 2.0 Integration Guide

Let users sign in with their Plugsky account and authorize your app to access their workspace using standard OAuth 2.0 with PKCE.

Overview

Plugsky supports OAuth 2.0 authorization-code flow with PKCE (Proof Key for Code Exchange). This allows third-party apps to request limited access to a user's Plugsky workspace without exposing their API key.

Getting started

  1. Register your app — Contact hello@plugsky.com to register your OAuth application and receive a client_id and client_secret.
  2. Choose a flow — For server-side apps, use the standard authorization-code flow. For single-page or mobile apps, use the PKCE flow.
  3. Redirect users — Send users to https://plugsky.com/oauth/authorize?client_id=YOUR_ID&redirect_uri=YOUR_URI&response_type=code&scope=read_write
  4. Exchange the code — POST to https://api.plugsky.com/oauth/token with the authorization code to receive an access token.

Scopes

  • read — Read-only access to workspace data
  • write — Create and modify resources
  • admin — Full administrative access
  • offline_access — Receive a refresh token for long-lived access

Example (PKCE flow)

// 1. Generate code verifier and challenge
const verifier = crypto.randomUUID() + crypto.randomUUID();
const challenge = btoa(String.fromCharCode(...new Uint8Array(
  await crypto.subtle.digest('SHA-256', new TextEncoder().encode(verifier))
  ))).replace(/\+/g,'-').replace(/\//g,'_').replace(/=+$/,'');

// 2. Redirect user
window.location = `https://plugsky.com/oauth/authorize?` +
  `client_id=YOUR_CLIENT_ID&` +
  `redirect_uri=${encodeURIComponent('https://yourapp.com/callback')}&` +
  `response_type=code&` +
  `scope=read_write&` +
  `code_challenge=${challenge}&` +
  `code_challenge_method=S256`;

// 3. Exchange code for token (on your server)
fetch('https://api.plugsky.com/oauth/token', {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: JSON.stringify({
    grant_type: 'authorization_code',
    code: 'THE_AUTH_CODE',
    redirect_uri: 'https://yourapp.com/callback',
    client_id: 'YOUR_CLIENT_ID',
    code_verifier: verifier,
  })
});

Contact us

For OAuth app registration and integration support, email hello@plugsky.com.