OAuth Bridges

Some platforms (like Shopify) require OAuth2 for authentication. Orderly handles the OAuth flow and manages token refresh automatically.

How It Works

  1. User clicks Connect in the bridge setup UI
  2. Orderly redirects to the platform’s authorization URL
  3. User grants permissions on the platform
  4. Platform redirects back to Orderly with an authorization code
  5. Orderly exchanges the code for access and refresh tokens
  6. Tokens are securely stored as bridge credentials

Manifest Setup

Set oauth2: true in your auth methods and add the required config fields:

    {
      authMethods: {
        apiKey: false,
        accessToken: false,
        oauth2: true,
      },
      configFields: [
        {
          name: 'clientId',
          label: 'Client ID',
          type: 'text',
          required: true,
          helpText: 'OAuth application client ID',
        },
        {
          name: 'clientSecret',
          label: 'Client Secret',
          type: 'password',
          required: true,
        },
        {
          name: 'shopDomain',
          label: 'Store Domain',
          type: 'text',
          required: true,
          placeholder: 'mystore.myshopify.com',
        },
      ],
    }
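
The following added example (not Orderly's own code) shows steps 2 and 4 of the flow for a Shopify-style platform: the user-supplied shopDomain is validated before it becomes the authorization host, and the callback is accepted only when its state and shop match what was issued. REDIRECT_URI, the function names and all sample values are assumptions; /admin/oauth/authorize is Shopify's authorization path.

```javascript
// Added illustration, not Orderly source. Names and sample values are constructed.
const crypto = require('node:crypto');

const REDIRECT_URI = 'https://orderly.example/oauth/callback'; // assumed callback URL
const SHOP_RE = /^[a-z0-9][a-z0-9-]*\.myshopify\.com$/;

// Accept only a bare *.myshopify.com hostname for the shopDomain config field.
function normalizeShopDomain(input) {
  const host = String(input).trim().toLowerCase();
  if (!SHOP_RE.test(host)) throw new Error('invalid shopDomain');
  return host;
}

// Step 2: build the authorization URL plus the state value to keep server-side.
function buildAuthorizationUrl(config, scopes) {
  const shop = normalizeShopDomain(config.shopDomain);
  const state = crypto.randomBytes(16).toString('hex');
  const url = new URL(`https://${shop}/admin/oauth/authorize`);
  url.searchParams.set('client_id', config.clientId);
  url.searchParams.set('scope', scopes.join(','));
  url.searchParams.set('redirect_uri', REDIRECT_URI);
  url.searchParams.set('state', state);
  return { url: url.toString(), state, shop };
}

// Step 4: accept the callback only if state and shop match what step 2 issued.
function readCallback(callbackUrl, pending) {
  const params = new URL(callbackUrl).searchParams;
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  if (normalizeShopDomain(params.get('shop') || '') !== pending.shop) {
    throw new Error('shop mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error('missing authorization code');
  return code; // exchanged for access and refresh tokens in step 5
}
```

Shopify also signs the callback query string with an hmac parameter; verifying it is a separate check not shown here.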

Token Management

Orderly automatically handles:

  • Token storage — Access and refresh tokens are encrypted at rest
  • Token refresh — When an access token expires, the refresh token is used to obtain a new one
  • Credential injection — The current access token is available in config.credentials.accessToken

Scopes

OAuth scopes are platform-specific. Declare required scopes in your bridge documentation:

    {
      documentation: {
        setupGuide: 'Requires the following Shopify scopes: read_orders, write_fulfillments',
      },
    }

Testing OAuth Locally

For local development, you can bypass OAuth by providing an access token directly in the bridge config. Set authMethods.accessToken: true alongside oauth2: true to allow both flows.