Nolixan

Connecting accounts

The OAuth connect → callback → refresh flow that produces a connection.

For OAuth providers, a connection is created by walking the user through the provider's consent screen. Nolixan handles the callback, stores the tokens encrypted, and refreshes them automatically thereafter.

The flow

  1. Start — your app sends the user to Nolixan's connect URL for the provider. Nolixan redirects to the provider's OAuth consent screen.
  2. Consent — the user approves the requested scopes at the provider.
  3. Callback — the provider redirects back to Nolixan's callback. Nolixan exchanges the code for tokens and stores them as a connection (encrypted at rest, AES-256-GCM).
  4. Refresh — when an access token nears expiry, Nolixan refreshes it using the refresh token before the next action runs. You never handle raw tokens.

The connection's connection_id identifies which account was connected; use it when you execute actions.

Which OAuth app is used

By default Nolixan can use a managed OAuth app so your users get one-click connect, or you can bring your own client credentials. See Managed vs custom auth and White-labeling.

Non-OAuth providers

For API-key or token providers, create the connection directly by storing the credentials.

On this page