OAuth

Secure authentication for MCP clients — no API keys to copy or manage.

Overview

VisionDraft implements OAuth 2.0 with dynamic client registration for MCP connectors. Claude and ChatGPT use this flow automatically when you add the server URL.

Flow

  1. Your AI client discovers OAuth metadata at /.well-known/oauth-authorization-server
  2. User is redirected to VisionDraft sign-in
  3. User authorizes the client on the consent page
  4. Client receives access token (vdo_at_...)
  5. Token is used for all subsequent MCP requests

Endpoints

  • /oauth/authorize — Authorization page
  • /oauth/token — Token exchange
  • /oauth/register — Dynamic client registration
  • /oauth/revoke — Revoke tokens
  • /oauth/userinfo — User profile
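
An added example (not VisionDraft's own code) of a check a client can run on the metadata document from step 1 of the flow before it trusts the endpoints listed above. The host visiondraft.example, the sample documents, and the mapping of the listed paths to RFC 8414 / OpenID Connect Discovery field names are assumptions.

```python
from urllib.parse import urlsplit

# Paths from this page's Endpoints list, keyed by the metadata field a client
# would read them from. The field names are an assumption (RFC 8414, plus
# "userinfo_endpoint" from OpenID Connect Discovery), not taken from the page.
EXPECTED_PATHS = {
    "authorization_endpoint": "/oauth/authorize",
    "token_endpoint": "/oauth/token",
    "registration_endpoint": "/oauth/register",
    "revocation_endpoint": "/oauth/revoke",
    "userinfo_endpoint": "/oauth/userinfo",
}

ISSUER = "https://visiondraft.example"  # placeholder host (assumption)
# Constructed sample: a document that matches the documented endpoints.
GOOD = {"issuer": ISSUER, **{f: ISSUER + p for f, p in EXPECTED_PATHS.items()}}
# Constructed sample: the token endpoint points at a different host.
BAD = {**GOOD, "token_endpoint": "https://login.other.example/oauth/token"}


def origin(url):
    """Return (scheme, host, port) with default ports filled in."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)


def check_metadata(expected_issuer, metadata):
    """Return a list of problems found in a discovery document."""
    problems = []
    if origin(expected_issuer)[0] != "https":
        problems.append("expected issuer is not https")
    # RFC 8414 section 3.3: the issuer in the document must be identical
    # to the issuer the client used to build the discovery URL.
    if metadata.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    for field, path in EXPECTED_PATHS.items():
        value = metadata.get(field)
        if value is None:
            problems.append(f"{field} missing")
            continue
        if origin(value) != origin(expected_issuer):
            problems.append(f"{field} is on a different origin")
        elif urlsplit(value).path != path:
            problems.append(f"{field} has unexpected path")
    return problems
```

An empty list from check_metadata means every listed endpoint sits on the issuer's origin at the documented path; anything else is a reason to stop before sending the user to the authorization page.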

Desktop OAuth

VisionDraft Desktop uses the visiondraft:// custom protocol to receive OAuth callbacks from the browser. Click "Sign in via browser" in the desktop app.

Revoking access

Sign out from your AI client or change your VisionDraft password to invalidate all active OAuth sessions.

See Remote MCP setup for client-specific instructions.