oauth

A CLI tool called relay-ai acts as a proxy for Codex Desktop and Claude Code, enabling users to route requests to any model (including GLM 5.2) using their own API keys or OAuth subscriptions, with features to prevent crashes and manage context overflow.

Cloudflare launched self-managed OAuth for all customers, allowing developers to create and manage OAuth clients for delegated API access, improving security and scalability of the Cloudflare app ecosystem.

The Enterprise-Managed Authorization extension for MCP is now stable, allowing organizations to centrally manage authorization for MCP servers and enabling zero-touch OAuth for end-users. Adopted by Anthropic, Microsoft, and Okta.

This article critiques the common OAuth loopback authentication pattern used by many CLI tools, which fails on headless machines, and advocates for alternative methods like device code flow that have been standard since 2019.

Nango is an open-source integration platform with built-in authorization management for over 800 mainstream APIs, helping simplify OAuth authorization and token refresh processes and reducing redundant work.

A personal health MCP server that gives AI agents like OpenClaw access to real health and performance data from wearables (Oura, Garmin, WHOOP, etc.) via a unified interface and OAuth device-code flow.

We shipped an MCP server where agents inherit human identity, implementing OAuth 2.1 federation and per-IdP claim mappers to solve agent identity management and RBAC policy evaluation.

Discussion of best practices for storing and managing OAuth tokens used by AI agents to call third-party services, covering token refresh, revocation, and scope drift.

xAI's SuperGrok subscription now integrates with Hermes Agent via OAuth, enabling access to Grok 4.3, text-to-speech, image/video generation, and X search without separate API keys or billing.

Hermes Web UI updated to v0.5.28, adding xAI Grok OAuth login with support for SuperGrok subscriber authorization, and introducing Bridge session-level model settings and other improvements.

Clawvisor is a new authorization layer for AI agents that enables secure access to apps like Gmail and Slack without exposing credentials or allowing rogue actions, solving key safety issues in agent deployment.

A Roblox cheat infected a Context.ai employee with Lumma Stealer, which led to compromised OAuth credentials being used to breach Vercel's internal systems, exposing non-sensitive environment variables and highlighting risks of broad AI tool OAuth permissions.