
OAuth Providers

OAuth sign-in and connected-channel authentication boundaries in Handlet.

Handlet can use OAuth in two different contexts: user sign-in and connected channel authorization.

User sign-in

User sign-in providers are configured through Supabase Auth and the app auth surfaces. Request only the identity scopes needed to authenticate the user.

Connected channels

Mailbox and channel connections are separate from user sign-in. Gmail, Outlook, and other provider connections grant Handlet access to sync or send messages for a workspace.

Boundary rule

Do not reuse a user's sign-in identity token as a connected-channel token. Channel access should be granted, stored, refreshed, and revoked through the channel connection flow.

Testing

Test provider cancellation, missing consent, revoked access, and callback failure states before enabling a provider in production.
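The four states above can be told apart with the standard OAuth 2.0 (RFC 6749) response fields. The sketch below is an added example, not Handlet's code: the function names, outcome labels, and the `session` and `query` object shapes are assumptions made for illustration.

```javascript
// Added example; every name below is hypothetical, not Handlet's API.

// Compare the returned `state` with the stored one without an early exit.
function stateMatches(expected, received) {
  if (typeof expected !== "string" || typeof received !== "string") return false;
  if (expected.length === 0 || expected.length !== received.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ received.charCodeAt(i);
  }
  return diff === 0;
}

// Classify the redirect back from the provider (RFC 6749 section 4.1.2).
function classifyCallback(query, session) {
  // Check state first: nothing else in an unbound callback is trusted.
  if (!stateMatches(session.state, query.state)) {
    return { outcome: "callback_failure", reason: "state_mismatch" };
  }
  if (query.error === "access_denied") return { outcome: "cancelled" };
  if (query.error) return { outcome: "callback_failure", reason: String(query.error) };
  if (!query.code) return { outcome: "callback_failure", reason: "missing_code" };
  return { outcome: "exchange_code" };
}

// After the code exchange, confirm the grant covers what the channel needs.
function checkGrantedScopes(tokenResponse, requiredScopes) {
  // RFC 6749 section 5.1: an omitted `scope` means "as requested".
  if (tokenResponse.scope === undefined) return { outcome: "connected", missing: [] };
  const granted = new Set(String(tokenResponse.scope).split(/\s+/).filter(Boolean));
  const missing = requiredScopes.filter((s) => !granted.has(s));
  return { outcome: missing.length ? "missing_consent" : "connected", missing };
}

// A refresh that fails with invalid_grant means the grant is no longer valid.
function classifyRefreshError(body) {
  if (body && body.error === "invalid_grant") {
    return { outcome: "revoked", action: "disconnect_and_prompt_reconnect" };
  }
  return { outcome: "retry_later", action: "keep_connection" };
}
```

Each outcome maps to one test case: drive the callback with constructed inputs for every branch and confirm the connection is stored only on `connected`.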

© 2026 Handlet. All rights reserved.
