Custom OAuth clients apply workspace-wide for the specific integration. All new connections will use your OAuth application once configured.
How Custom OAuth Works
When you configure a custom OAuth client, Langdock routes all authentication flows through your OAuth application instead of the default Langdock client. This means:- **Your branding **(custom name and logo) appears in consent screens
- Your tenant policies control user access and admin consent requirements
- Your rate limits apply to API calls made by your users
1
Create OAuth App at Provider
Register a new OAuth application in your provider’s developer portal (Google Cloud Console, Microsoft Azure, etc.).Required Configuration:
- Copy the exact redirect URL from Langdock’s integration settings
- Select all required scopes shown in Langdock for that integration
- Configure any tenant-specific settings (admin consent, allowlisting)
2
Gather Credentials
Note down the following from your OAuth app:
- Client ID (always required)
- Client Secret (always required)
- Tenant ID or Domain (required for some providers like Microsoft)
3
Configure in Langdock
Navigate to Settings → Integrations and select your target integration.
4
Test Authentication
Have a user connect their account to verify:
- Consent screen shows your client
- Required scopes are granted
- Data access works as expected through actions
Integration Settings Interface
When configuring a custom OAuth client, you’ll see these fields:- Redirect URL
- Required Scopes
- Credentials
Copy this exact URL to your OAuth app’s redirect URI configuration. The URL format is:
The redirect URL must match exactly. Any mismatch will cause
redirect_uri_mismatch errors.Behavior and Impact
Workspace-Wide Changes
- All new connections use your custom OAuth client
- Existing connections continue working until users reconnect
- Only affects the specific integration you configured
User Experience
- Users see your app name and branding in consent screens
- Authentication flows redirect through your OAuth application
- Your app’s rate limits and quotas apply to user requests
Common Configuration Errors
redirect_uri_mismatch
redirect_uri_mismatch
Cause: Redirect URL doesn’t match exactly between Langdock and your OAuth appSolution:
- Copy the redirect URL from Langdock exactly
- Check for trailing slashes or protocol mismatches
- Verify you’re configuring the correct environment
invalid_client
invalid_client
Cause: Client ID or Client Secret is incorrectSolution:
- Double-check credentials from your OAuth app
- Ensure no extra spaces or characters
- Verify the client is enabled in your provider’s console
consent_required
consent_required
Cause: Admin consent required but not grantedSolution:
- Grant admin consent in your tenant settings
- Enable user consent if appropriate for your organization
- Check tenant allowlisting requirements
insufficient_scope
insufficient_scope
Cause: Missing required scopes in your OAuth appSolution:
- Add all scopes shown in Langdock to your OAuth app
- Users may need to reconnect after adding scopes
- Verify scope names match exactly (case-sensitive)
Managing Existing Connections
When switching from Langdock’s default client to your custom OAuth client:Existing user connections may require re-authentication. We suggest notifying your users upfront.
Migration Steps
- Configure your custom OAuth client
- Notify users about the upcoming change
- Save the new OAuth configuration
- Users reconnect their accounts when prompted
- Verify all connections work with your custom client
Keep your OAuth app credentials secure and limit access to organization admins only.