Skip to main content

What is OAuth?

OAuth is a secure way for apps to access your accounts in other services without ever seeing your password. When you connect Civic to GitHub, Slack, or Dropbox, you’re using OAuth.

How It Works

Instead of giving Civic your GitHub password, OAuth works like this:
1

Permission Request

Civic says “I’d like to access your GitHub repos”
2

You Authorize

GitHub asks you “Allow Civic to access your repos?” and you click “Yes”
3

Secure Token

GitHub gives Civic a special token (not your password) that proves you said “yes”
4

Access Granted

Civic uses the token to access your repos on your behalf

Why OAuth is Safer

With passwords:
  • ❌ Apps store your actual password
  • ❌ If they get hacked, your password is exposed
  • ❌ Hard to revoke access
  • ❌ App can do anything your account can do
With OAuth:
  • ✅ Apps never see your password
  • ✅ You can revoke access anytime
  • ✅ Limited permissions (read repos, not delete account)
  • ✅ Tokens expire automatically

OAuth in Civic

When you first use a tool in Civic:
  1. Chat Interface: Your AI will ask you to authorize the service
  2. Quick Authorization: Click to approve the specific permissions needed
  3. One-Time Setup: You only need to do this once per service
  4. Automatic Management: Civic handles token refresh and renewal

Managing Your Authorizations

You can always:
  • View connected services in your Civic dashboard
  • Revoke access to any service instantly
  • Re-authorize if you need different permissions
  • See what permissions each service has

Common Questions

The service immediately stops working in your AI assistant. You can re-authorize it anytime by using a command that requires that service.
No, never. Civic only stores OAuth tokens, which are secure, limited-permission keys that don’t contain any password information.
Yes! During the OAuth flow, you can often choose which permissions to grant. For example, you might allow read access to repositories but not write access.
OAuth tokens typically last 1-24 hours before automatic refresh. If you don’t use a service for extended periods, you may need to re-authorize.

Security Best Practices

  • Review permissions before clicking “Authorize”
  • Revoke unused services periodically in your Civic dashboard
  • Use specific permissions rather than granting broad access
  • Monitor your connected services to ensure you recognize them all
OAuth keeps your accounts secure while letting your AI assistant do useful work across all your tools.