To integrate with CoLoop, you’ll need to provide us with the following information:

  1. Application Name: A name to identify your integration (e.g., “Your Product Name”)
  2. Callback URL: The URL where users will be redirected after authenticating with CoLoop (e.g., https://yourdomain.com/oauth2/callback)
  3. Application Type: Whether your application is public or private
    • Choose private for server-side applications that can securely store credentials
    • Choose public for client-side applications (browsers, mobile apps) that require PKCE flow

Once you provide this information, we’ll create an OAuth application for you and provide you with the necessary credentials and endpoints.

Response Format

For private applications, you’ll receive the following configuration:

{
  "object": "oauth_application",
  "id": "oa_xxx",
  "instance_id": "ins_xxx",
  "name": "Your App Name",
  "client_id": "your_client_id",
  "client_secret": "your_client_secret",
  "public": false,
  "scopes": "email profile",
  "callback_url": "https://your-domain.com/oauth2/callback",
  "authorize_url": "https://clerk.coloop.ai/oauth/authorize",
  "token_fetch_url": "https://clerk.coloop.ai/oauth/token",
  "user_info_url": "https://clerk.coloop.ai/oauth/userinfo",
  "discovery_url": "https://clerk.coloop.ai/.well-known/openid-configuration",
  "created_at": 1234567890123,
  "updated_at": 1234567890123
}

For public applications, the configuration will be similar but without the client_secret field and public set to true:

{
  "object": "oauth_application",
  "id": "oa_xxx",
  "instance_id": "ins_xxx",
  "name": "Your App Name",
  "client_id": "your_client_id",
  "public": true,
  "scopes": "email profile",
  "callback_url": "https://your-domain.com/oauth2/callback",
  "authorize_url": "https://clerk.coloop.ai/oauth/authorize",
  "token_fetch_url": "https://clerk.coloop.ai/oauth/token",
  "user_info_url": "https://clerk.coloop.ai/oauth/userinfo",
  "discovery_url": "https://clerk.coloop.ai/.well-known/openid-configuration",
  "created_at": 1234567890123,
  "updated_at": 1234567890123
}

Important Security Notes

  1. For private applications, store the client_secret securely as it cannot be retrieved later
  2. Public applications use PKCE flow and don’t receive a client secret
  3. The provided scopes (email profile) allow access to basic user information

Contact the CoLoop team to set up your OAuth application during the Alpha phase. In future releases, this process will be self-serve through our developer portal.