charm init --template oauth-integration starter in the CLI. OAuth is configured in charm.yaml with auth.providers on top of any scaffold template (for example python or openclaw).
OAuth integration agents require a user to connect an external account before the agent runs. Charm uses the auth.providers block in charm.yaml to declare those requirements.
Use Case
Use this pattern when an agent needs user-authorized access to external services such as Google, GitHub, Slack, or Notion.Prerequisites
- Charm CLI.
- Nango configured for the provider.
- Store and runner configured with matching Nango environment variables.
Configuration Surface
Document these fields:auth.providersauth.providers[].nameauth.providers[].scopes- provider-specific access token environment variables
Runtime Environment
After the user connects an account, the runner can inject provider tokens into the agent runtime. For example:GOOGLE_ACCESS_TOKENGITHUB_ACCESS_TOKENSLACK_ACCESS_TOKEN
Production Requirements
OAuth requires both the Store and runner to use the same Nango environment:NEXT_PUBLIC_NANGO_HOSTNEXT_PUBLIC_NANGO_PUBLIC_KEYNANGO_SERVER_URLNANGO_SECRET_KEY
Run and Publish
Testing Checklist
- The agent version includes
auth.providersincharm.yaml. - The Store shows the OAuth connection modal.
- The provider redirects back successfully.
- The runner logs show that the provider token was injected.
- The agent handles missing or expired tokens gracefully.
