Silo

Concept

OAuth + service connect flow

Silo is the OAuth authority. Users never give their service credentials directly to your app — every flow funnels through Silo, where the user picks which services to share and Silo holds the long-lived tokens.
  1. Client registration

    Your app registers an OAuth client at /oauth/register (Dynamic Client Registration). This is a one-time setup per app, not per user.

  2. User authorization

    Redirect users to /oauth/authorize with PKCE. Silo authenticates them via Clerk and brings them to the consent page.

  3. Service selection

    On the consent page, users pick which of their connected services (Google, Dropbox, GitHub, etc.) to share with your app, and which silos to expose.

  4. Connection complete

    Silo redirects back to your redirect URI with a code. Exchange it at /oauth/token for a bearer token. The connection now exists with a default silo pre-provisioned (see Default silo).