OAuth Flow

How WeKeKe handles secure auth.

OAuth lets WeKeKe connect to providers without storing your main password. You approve access, the provider issues a token, and WeKeKe uses that token to read or send messages. Not all providers use OAuth: Telegram uses a bot token (BYOB) flow.

High‑level flow

  1. Authorize: You’re redirected to the provider to approve access.
  2. Callback: The provider redirects back to WeKeKe with an auth code.
  3. Token exchange: WeKeKe swaps the code for short‑lived access tokens.
  4. Refresh & store: Refresh tokens are stored securely to keep the connection alive.

What WeKeKe stores

  • Access tokens (short‑lived, for OAuth providers)
  • Refresh tokens (long‑lived, encrypted, where provider supports refresh)
  • Provider account identifiers

Revoking access

You can revoke access from the provider’s security settings or disconnect inside WeKeKe. Revoking removes the stored tokens and resets the integration to neutral.

Common issues

  • Origin mismatch: ensure the provider’s OAuth settings include your domain.
  • Invalid client: verify client ID/secret in environment variables.
  • Expired tokens: reconnect if refresh fails.