I'm developing a mobile app that needs to connect with a variety of services like GitHub, Linear, Slack, Notion, and more on behalf of users. Essentially, when a user links their GitHub account, I want to store that connection and make API calls for them. I'm aiming to create an open-source, self-hostable OAuth connection manager since all the current options I've found online are too pricey for my needs—like $500 a month for just 25 users, and I expect each user will have at least 10 connections. While I'm not highly technical, I do have Claude helping me out. I've managed to set up some API connections with Opus 4.6, which seems to work well. I'm interested to know if something like this already exists, and if not, what the potential challenges might be. It seems like there's a real opportunity here to leverage AI for automatically fixing connections based on user feedback, subject to our review before implementation. I'd greatly appreciate any advice or insights from experienced developers, as well as any potential pitfalls to watch out for!
3 Answers
Remember, authentication is a key component of any app, especially one handling user accounts. There's a significant amount of risk if it isn't implemented correctly. I'd strongly suggest consulting with a lawyer early in this process to understand the potential legal risks you might be exposing yourself to.
I can’t believe you didn’t just ask Claude for help with this! You might want to look into Authentik, but just a heads-up: it's mainly an identity provider. What you need is something that specifically handles and refreshes OAuth tokens for existing services like GitHub and Slack. So keep that in mind when doing your research.
It sounds like you're at the crossroads of a technical challenge and business opportunity. Since Claude is involved, I'd recommend putting together a clear roadmap. Are you focusing first on the secure token refresh logic or developing the user interface for the initial integrations? Both aspects are crucial, so having a solid plan can help.
Yeah, I checked Authentik, but you're right—it's more about SSO. I need a tool focused on managing tokens instead.