OAuth
OAuth (Open Authorization) is an open standard for delegated authorization that allows a third-party application to access a user's data in another service without requiring the user to share their password.
Understanding OAuth
OAuth solves a fundamental problem in integrations: how does App A access your data in App B without you giving App A your App B password? Sharing passwords is dangerous: if App A is compromised, your App B credentials are too. OAuth provides a safer alternative through authorization tokens.

The OAuth flow works as follows:
1. You click 'Connect to Gmail' in GAIA.
2. You are redirected to Google's authorization page.
3. You approve the specific permissions GAIA is requesting (read email, send email, manage calendar).
4. Google issues an access token to GAIA.
5. GAIA uses that token to make API calls on your behalf.
You never share your Google password with GAIA.

OAuth 2.0 (the current standard) supports multiple flows for different contexts: Authorization Code (for web applications, the most secure), Client Credentials (for server-to-server integrations), and Device Code (for devices without browsers). Most user-facing integrations use the Authorization Code flow.

Scopes are a critical security feature of OAuth. Rather than all-or-nothing access, OAuth scopes define granular permissions: GAIA might request a 'read email' scope but not a 'delete email' scope. Users can see exactly which permissions they are granting and can revoke them at any time.
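The Authorization Code flow and scope enforcement described above, worked through as an added example that is not GAIA's, Google's or any library's code. It models all three parties in one process: a hypothetical in-memory authorization server that issues a single-use code bound to the client and redirect URI and then exchanges it for a bearer token; the integrating client, which generates and verifies the OAuth 2.0 `state` parameter (defined in RFC 6749, used here as the standard CSRF defence on the callback); and a resource server that grants or refuses each operation by the token's scopes and honours revocation. The client id `gaia-app`, the secret, the callback URL and the scope names (`email.read`, `email.send`, `email.delete`) are constructed placeholders, not values from any real provider.

```python
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse


# ---- Authorization server (hypothetical, in-memory; stands in for Google's) ----
@dataclass
class AuthorizationServer:
    clients: dict                                # client_id -> {"secret", "redirect_uri"}
    codes: dict = field(default_factory=dict)    # code -> (client_id, redirect_uri, scopes)
    tokens: dict = field(default_factory=dict)   # token -> {"scope": set, "revoked": bool}

    def authorize(self, client_id, redirect_uri, scope, state):
        """Consent screen approved by the user: redirect back with a one-time code.
        The redirect URI must exactly match the registered one, so a code can
        never be delivered to an attacker-controlled callback."""
        client = self.clients[client_id]
        if redirect_uri != client["redirect_uri"]:
            raise ValueError("redirect_uri does not match the registered value")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri, set(scope.split()))
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id, client_secret, code, redirect_uri):
        """Back-channel exchange of the code for an access token. The code is
        single-use (popped) and bound to the client and redirect URI it was issued for."""
        entry = self.codes.pop(code, None)
        if entry is None:
            raise ValueError("invalid or already used authorization code")
        bound_client, bound_redirect, scopes = entry
        if bound_client != client_id or bound_redirect != redirect_uri:
            raise ValueError("code was not issued to this client / redirect_uri")
        if not secrets.compare_digest(client_secret, self.clients[client_id]["secret"]):
            raise ValueError("client authentication failed")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"scope": scopes, "revoked": False}
        return {"access_token": token, "token_type": "Bearer",
                "scope": " ".join(sorted(scopes))}

    def revoke(self, token):
        """User revokes the grant from their connected-accounts settings."""
        if token in self.tokens:
            self.tokens[token]["revoked"] = True


# ---- Resource server: each operation requires a specific scope (constructed names) ----
REQUIRED_SCOPE = {
    "list_messages": "email.read",
    "send_message": "email.send",
    "delete_message": "email.delete",
}


def call_api(server, token, operation):
    """Return an HTTP-style status: 401 for unknown/revoked tokens, 403 for missing scope."""
    info = server.tokens.get(token)
    if info is None or info["revoked"]:
        return 401
    if REQUIRED_SCOPE[operation] not in info["scope"]:
        return 403
    return 200


# ---- Client side: the integrating app (placeholder identifiers) ----
CLIENT_ID, CLIENT_SECRET = "gaia-app", "s3cret-placeholder"
REDIRECT_URI = "https://app.example/callback"


def make_server():
    return AuthorizationServer(
        clients={CLIENT_ID: {"secret": CLIENT_SECRET, "redirect_uri": REDIRECT_URI}})


def run_flow(server, scope="email.read email.send"):
    """Drive the Authorization Code flow and return the access token.
    Note the requested scope deliberately excludes email.delete."""
    state = secrets.token_urlsafe(16)          # unguessable, tied to this browser session
    callback = server.authorize(CLIENT_ID, REDIRECT_URI, scope, state)
    params = parse_qs(urlparse(callback).query)
    if params.get("state", [None])[0] != state:   # reject callbacks we did not initiate
        raise ValueError("state mismatch: possible CSRF on the callback")
    code = params["code"][0]
    return server.token(CLIENT_ID, CLIENT_SECRET, code, REDIRECT_URI)["access_token"]


if __name__ == "__main__":
    srv = make_server()
    tok = run_flow(srv)
    for op in REQUIRED_SCOPE:
        print(op, call_api(srv, tok, op))       # list/send -> 200, delete -> 403
    srv.revoke(tok)
    print("after revoke", call_api(srv, tok, "list_messages"))   # 401
```

The checks worth noticing are the ones that make the flow safe rather than merely work: the redirect URI is compared against the registration before any code is issued, the code is consumed on first use and bound to the client that requested it, the client secret is compared in constant time, and the resource server distinguishes an unusable token (401) from a valid token lacking the needed scope (403), which is exactly the 'read email but not delete email' distinction the text describes.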
How GAIA uses OAuth
GAIA uses OAuth 2.0 for all third-party integrations including Gmail, Google Calendar, Slack, Notion, Linear, and 50+ other services. You authorize GAIA with specific scopes for each service; GAIA never stores your passwords. All OAuth tokens are encrypted at rest and can be revoked at any time from your connected accounts settings.
Related concepts
API Integration
API integration is the process of connecting different software applications through application programming interfaces so that they can share data and functionality seamlessly.
Self-hosting
Self-hosting is the practice of running software on your own servers or infrastructure instead of using a cloud-hosted service, giving users full control over their data, configuration, and availability.
Data Sovereignty
Data sovereignty is the principle that data is subject to the laws and governance of the jurisdiction where it is stored, and that individuals and organizations have the right to control where their data resides and who has access to it.
REST API
A REST (Representational State Transfer) API is a web service interface that uses standard HTTP methods (GET, POST, PUT, DELETE, PATCH) to access and manipulate resources identified by URLs, following a set of architectural conventions that make APIs predictable and interoperable.
Webhook
A webhook is an HTTP callback mechanism where a system sends an automated HTTP request to a specified URL whenever a defined event occurs, enabling real-time notification and integration between services without polling.