Create an OAuth App
An OAuth app represents your integration. It holds your credentials, the permissions you ask for, and the URLs users come back to after signing in.
Steps
- Sign in to Chess Scanner and open Dashboard → OAuth Apps.
- Click New OAuth App.
- Fill in the form:
- Application name: the name users see on the consent screen.
- Homepage URL: your app's website.
- Authorization callback URLs: one per line. Users come back here after authorizing, so each URL has to match exactly (scheme, host, and path).
- Logo URL (optional): shown on the consent screen.
- Permissions: the scopes your app may request. They start selected, so uncheck the ones you don't need.
- Click Register application.
- Copy your Client ID and Client Secret right away. The secret is only shown once.
Keep the Client Secret somewhere safe, like a secrets manager. You won't see it again. If you lose it, generate a new one and the old one stops working.
Permissions
| Scope | Allows reading |
|---|---|
user.read | The user's basic profile (name, email, avatar) |
databases.read | The user's databases |
games.read | Games, single games, PGN export and the changes feed |
offline_access | Issues a refresh token for long-lived access |
Managing an app
Open an app from the list to:
- Edit its name, homepage, callback URLs, logo, and permissions. Adding a permission means users have to approve it again the next time they sign in. Removing one only affects new authorizations, since tokens you already issued keep it until they expire.
- Regenerate the client secret. The old secret stops working right away.
- Revoke tokens to invalidate every access token at once. Connected integrations then have to sign in again.
- Delete the app, which permanently revokes all access.
Callback URLs
The redirect_uri you send during authorization
has to be one of the registered callback URLs, matched character for character.
Register every environment you use, for example:
https://your-app.com/oauth/callback
http://localhost:3000/oauth/callback
Next: Authorization.