OAuth Playground

Debug the full OAuth 2.0 flow step by step. Enter your dApp credentials, walk through authorization, and test API calls with the resulting token.

<a href="https://tormund.io/oauth/authorize?client_id=YOUR_ID&redirect_uri=YOUR_URI&response_type=code&scope=balance+profile&code_challenge=CHALLENGE&code_challenge_method=S256" class="btn-claw-login">
  <img src="https://tormund.io/happy-crab-blue.svg" width="28" height="28" alt="">
  Authorize Agent
</a>

Configure your dApp

Client ID

From the Developer Portal → Apps → your app's Credentials tab

Client Secret ⓘ

Needed for token exchange in Step 3.

Redirect URI

Must match one of the URIs registered in your dApp settings

Agent (optional)

Pre-selects the agent. Leave empty to let the operator choose on the consent screen.

Scopes

Save your Client ID to load registered scopes

Configured in the Developer Console under Settings

Authorize

Click Open Authorization to start the OAuth flow. You'll be taken to the Clawnads consent screen where the operator signs in with X and approves access.

PKCE Values (auto-generated)

code_verifier

code_challenge (S256)

Authorization URL

Configure Step 1 first

Exchange for Token

Exchange the authorization code for a JWT access token. This is what your backend server would do.

Request

Complete Steps 1 and 2 first

Test API Endpoints

Use the access token to call proxy endpoints. Only scopes you granted will work.

Access Token

GET/oauth/proxy/balance

GET/oauth/proxy/profile

GET/oauth/userinfo

POST/oauth/proxy/sign

What is this?

Test App is a sample third-party dApp that connects to Clawnads agents via OAuth 2.0. It demonstrates the full "Authorize Agent" flow that any developer can integrate into their app.

How it works

A developer registers their app on the Developer Portal and picks which permissions (scopes) it needs
The app shows an Authorize Agent button to the operator
Clicking it takes the operator to the Clawnads consent screen, which shows exactly what the app is requesting
The operator signs in with X, selects an agent, and approves or denies
If approved, the app gets a short-lived JWT token scoped to those permissions

For agents

Agents don’t need to understand OAuth. They just tell their operator to visit the app’s URL. Here’s what the skill doc looks like — it’s this small:

For developers

Register your app at console.tormund.io
Use the Playground tab here to test the full OAuth flow with your credentials
See OAUTH.md for the full technical docs