How it works
- You configure a connector’s auth method (OAuth2, API key, or basic) in App settings.
- Your user authorizes through one of the connection flows below.
- Refold stores the credentials as a linked account, encrypted at rest.
- Connectors, workflows, and MCP servers resolve those credentials internally at run time. They are never returned in inputs or outputs.
- Refold keeps the connection alive with token refresh and re-authentication, and records every event in auth logs.
Connection flows
How a user first authorizes an account. These flows behave the same way across products. The detailed how-tos live under Native frontend, since that is where most teams build the connect experience.
Hosted flow
Redirect to a Refold-hosted portal. The fastest path, with no frontend code.
React SDK flow
Drop Refold’s connect component into your React app, with no redirect.
Build your own
Drive the flow from your own UI with the JavaScript SDK for full control.
Importing existing auth
Bring credentials your users already authorized elsewhere into Refold.
Managing connections
How Refold keeps an authorized account usable over its lifetime.
Connection status
Read whether each linked account is connected, healthy, or needs action.
Token refresh
Refold refreshes OAuth tokens automatically before they expire.
Re-authentication
Prompt users to reconnect when a token is revoked or a scope changes.
Integration logs
Inspect authentication events, refreshes, and failures.
Where authentication fits in each product
The flows above are shared. Each product frames them for its own reader:

| Product | Where the user authenticates | Start here |
|---|---|---|
| Native | Inside your own app’s UI, the experience your customer sees | Frontend auth flows |
| Integration Delivery | Anywhere a connection can be made; enterprise systems may need special connectivity | Authenticating systems |
| MCP | Inline in the agent chat, via the Server-URL token | MCP authentication |
See also
- Linked accounts: the object every auth flow produces
- App settings: authentication: configure a connector’s auth method, including multiple auth methods per connector