Skip to main content
Connected Apps is a Stytch product that enables your application to become an OAuth and OIDC Authorization server. Being an Authorization Server means that your Stytch-powered app can safely and securely share user data with other applications or services. This enables users of your Stytch app to use their in-house tools, external integrations, desktop apps, AI agents, or any other compatible tools to access data stored in your Stytch application.

OAuth and OIDC

OAuth (open authorization) is a framework of protocols that allow an end user to grant websites or applications access to the user’s account data, without sharing critical account credentials like passwords. OAuth defines procedures for clients to obtain access tokens from an authorization server with the consent of the end user. OAuth also defines protocols for clients to present these access tokens to resource servers to access protected resources. OIDC (OpenID Connect) is an additional identity layer built on top of the OAuth framework. OIDC defines mechanisms that enable applications to verify the identity of the end user and view profile information such as their email address. Because OIDC further standardizes OAuth, it is a preferred integration approach for many off-the-shelf tools. Many OAuth authorization servers are also OIDC authorization servers. Learn more about OAuth here, including important terminology and more about OAuth grant types.

Implementing OAuth with Stytch Connected Apps

Unlike most CIAM providers, rather than requiring you to use a separate authorization server, Stytch provides a set of APIs, SDKs, and UI components that you can use to easily build your own authorization server. This approach means that the user experience feels like your users never leave your application rather than navigating to a separate site with its own design and user experience idioms. This provides reassurance to users who might otherwise feel uncertain about taking sensitive actions with a third party (like providing authentication credentials). Additionally, you can customize different parts of the flow to use your own domain, codebase, UI components, etc. Specifically, your app is responsible for hosting the Authorization Endpoint. The Authorization Endpoint is a web page that the end-user’s User Agent is redirected to by the client. For example, the client app might have a "Log in with Your App" button that redirects the user to your endpoint. The web page validates that the user is logged in, and if necessary, prompts them for consent to share their data. After the user responds, the web page redirects the user back to the client with an authorization code. The client can then exchange the authorization code for an access token for future use. The Authorization Endpoint UI experience can be built using Stytch’s Frontend SDKs directly embedded in your app or with Stytch’s API endpoints for complete control over the interaction.

Demo Application Quickstarts

Stytch maintains several MCP Server Connected App demos in the Demo Monorepo for convenient testing and access. Learn how Connected Apps can be used in a variety of languages and runtimes.

What’s next

Read on for next steps: