• Documentation
    • Search documentation
    karat

    +

    K

    API Reference ↗
    Management & enablementConsumer modeSolution setup guidesFoundry-hosted OAuth applications

    Foundry-hosted OAuth applications

    OAuth applications are pro-code OSDK applications hosted within Foundry that support interactive user authentication using the authorization grant flow. These applications leverage Foundry security primitives for interactive custom applications.

    Foundry-hosted OAuth applications are ideal for the following use cases:

    • Interactive web applications that require user authentication.
    • Multi-user applications where different users require different permissions.
    • Pro-code custom applications built with the OSDK and hosted on Foundry.

    Architecture

    User → Foundry Subdomain → OAuth Flow → OSDK App → Foundry APIs

    Foundry-hosted applications are deployed at dedicated subdomains (for example, https://subdomain-for-app.your-foundry-domain.com/) and follow the interactive login flow with OAuth redirect where consent is configurable.

    Prerequisites

    Before setting up a Foundry-hosted OAuth application, ensure the following:

    • The Foundry platform is configured to use consumer mode.
    • You have the correct permissions to create and host a Developer Console application.
    • You have or have access to frontend development experience to build applications.

    Setup

    Step 1: Create an OSDK application

    Follow our documentation to create a new OSDK application.

    1. Create the application: Use the OSDK CLI or Developer Console to create a new frontend application.
    2. Configure OAuth settings: Use the public client for user authentication.
    3. Define application scope: Configure the required scopes for accessing Foundry resources.

    Step 2: Develop your OSDK application

    Build your frontend application using the OSDK framework. You can review a TypeScript example in our OSDK documentation.

    Step 3: Deploy the application to Foundry

    Deploy your OSDK application to be hosted on Foundry, and remember your subdomain.

    Step 4: Verify consumer access

    1. Configure application permissions: Grant your consumer rule based group access to the deployed OSDK application.
    2. Check consumer access in Developer Console: If a user is missing any permissions, add them to the necessary projects within the consumer space to grant them access.
    3. Test user flow: Verify that consumer users can access the application with appropriate permissions.

    Troubleshooting

    Application permission issues

    • Permission issue: Confirm in the Check Access panel that users can access all resources in the application.
    • Scope errors: Validate that the OAuth client has the correct scopes in Developer Console.

    User experience issues

    You now have a working Foundry-hosted application for secure external consumer use. Your OSDK application provides authenticated users with secure access to Foundry data and functionality while maintaining appropriate permission boundaries and user isolation.