MAILGENT
Concepts

OAuth

OAuth 2.1 / OIDC authorization for Mailgent agents and MCP clients

Coming soon. A full step-by-step OAuth integration guide is in progress. The endpoints below are live today — this page documents them in depth soon.

Mailgent runs a standard OAuth 2.1 authorization server at https://api.mailgent.dev. Any spec-compliant MCP client (Claude, ChatGPT, MCP Inspector) discovers it automatically via well-known metadata — no manual configuration.

Discovery endpoints

  • Authorization Server Metadata (RFC 8414) — https://api.mailgent.dev/.well-known/oauth-authorization-server
  • Protected Resource Metadata (RFC 9728) — https://api.mailgent.dev/.well-known/oauth-protected-resource
  • JWKShttps://api.mailgent.dev/.well-known/jwks.json

What's supported

  • Grant typesauthorization_code, refresh_token
  • PKCES256 (required)
  • Dynamic Client Registration (RFC 7591) — POST /oauth/register
  • Scopesmail:*, vault:*, identity:*, calendar:*

In the meantime

  • Agents — see For Agents for the agent signup + auth flow.
  • MCP clients — see MCP setup to connect Cursor, Claude Code, or a custom agent.

Scopes

Permission scopes for API access

Vault

Encrypted credential store for agent secrets

On this page

Discovery endpointsWhat's supportedIn the meantime