OAuth integrations with multiple providers, automatic token refresh, and AES-256 credential encryption.
Your customer data lives in Stripe. Support conversations in Intercom. Usage analytics from your app. Sales pipeline in Salesforce. Team chat in Slack. Nothing talks to each other.
"Who are our best customers?" means logging into 5 different services and piecing it together manually.
"Connect Stripe, Intercom, and Salesforce. Pull all customer data into one place so I can actually see what's happening."
*Sets up OAuth flows, guides you through authorization, creates sync workflows*
"Connected. I'm syncing customer data from all three services into your database. It'll refresh every hour. You now have a unified customer table with payment history, support tickets, and deal status."
"When a customer upgrades their plan in Stripe, post a celebration message in our #wins Slack channel and update their status in Salesforce."
*Connects to Slack workspace, creates webhook-triggered workflow listening to Stripe events*
"Done. Every time someone upgrades, your team gets notified and Salesforce updates automatically. Want to test it?"
"Also, if a high-value customer opens a support ticket, alert me immediately."
"Added. You'll get a direct Slack message whenever customers paying >$500/mo open a ticket. Should include their account details?"
This isn't magic. This is collaboration.
Connect your tools once. Let data flow automatically. Stop switching between 20 browser tabs.
Gmail, Calendar, Drive, Sheets
Repos, Issues, PRs, Actions
Office 365, Teams, OneDrive
Messages, Channels, Files
Pages, Databases, Blocks
Issues, Projects, Teams
User or AI calls connect_service with provider and scopes.
connect_service({
provider: "google",
scopes: ["https://www.googleapis.com/auth/gmail.send"],
redirectUri: "https://app.awareness.com/api/connections/callback"
})Tool returns an authorization URL. User opens it in browser and grants permissions.
Provider redirects to callback URL with authorization code. Server exchanges code for access/refresh tokens.
Tokens are encrypted with AES-256 and stored in the Connection table. Connection status becomes "active".
Tools like gmail_send or github_create_issue automatically fetch tokens and make API calls.
Access tokens expire after 1 hour (Google) or variable periods (other providers). The system automatically refreshes tokens before they expire:
// Automatic refresh flow 1. Tool (e.g., gmail_send) requests access token 2. ConnectionLookup checks expiresAt timestamp 3. If expired and refreshToken exists: a. Call provider token endpoint with refresh_token grant b. Get new access_token and expiresAt c. Update Connection record in database 4. Return fresh access token to tool // Providers with refresh support: - Google (3600s expiry) - GitHub (no expiry, but can be revoked) - Microsoft (3600s expiry) - Slack (no expiry) // Fallback for expired tokens without refresh: - Connection status becomes "expired" - User must re-authenticate
Token refresh is transparent to workflows and users. Failed refreshes mark the connection as "expired" and require re-authentication.
// Step 1: Connect Gmail (one-time)
connect_service({
provider: "google",
scopes: [
"email",
"profile",
"https://www.googleapis.com/auth/gmail.send"
],
redirectUri: "https://app.awareness.com/api/connections/callback"
})
// Returns: { authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth?..." }
// User opens URL, grants permissions, redirects back
// Connection is now active
// Step 2: Send email (automatic token lookup)
gmail_send({
to: "user@example.com",
subject: "Report Ready",
body: "Your daily report is attached.",
attachments: [
{ filename: "report.pdf", content: "base64_encoded_pdf" }
]
})
// Behind the scenes:
// 1. ConnectionLookup fetches Google connection for current user
// 2. If token expired, automatically refreshes
// 3. Makes Gmail API call with fresh token
// 4. Returns success/failure
// Step 3: List connections
list_connections()
// Returns: [
// { provider: "google", displayName: "user@gmail.com", status: "active", createdAt: "..." },
// { provider: "github", displayName: "username", status: "active", createdAt: "..." }
// ]
// Step 4: Disconnect (revoke tokens)
disconnect_service({ connectionId: "userId:google" })Once connected, these tools become available for workflows and AI:
gmail_list - List messages with querygmail_get - Get message by IDgmail_send - Send email with attachmentsgithub_list_repos - List user reposgithub_get_repo - Get repo detailsgithub_list_issues - List issuesgithub_list_prs - List pull requestsgithub_create_issue - Create issuegithub_get_user - Get user infolist_connectionsList user's active connections
list_connection_providersList available OAuth providers
connect_serviceInitiate OAuth flow for provider
disconnect_serviceRevoke connection and delete tokens
get_connection_statusCheck connection health