BUILT INTO EVERY GOODSPEED APP
OAuth Third-Party Connections (Server-Side Token Vault)
Third-party OAuth tokens are stored server-side in a pgsodium-encrypted column and auto-refreshed within 60 seconds of expiry. The client never sees a raw access token; it calls an Edge Function that returns only the decrypted value for the calling user.
- Tier: Specialized
- Status: Template pattern
- Config: integrations.oauthProviders
WHY IT MATTERS
Most mobile app projects spend weeks plumbing the same infrastructure before writing a single line of product code. OAuth Third-Party Connections (Server-Side Token Vault) is one of those cross-cutting concerns that every app eventually needs but almost none get right the first time. Permissions are handled incorrectly, tokens expire silently, or the feature breaks after an OS update nobody tested against.
Goodspeed solves this by shipping OAuth Third-Party Connections (Server-Side Token Vault) as a production-grade, tested implementation inside every generated app. The code follows the patterns in the GAS template, the same 246-feature catalog that powers every app we build. The feature is controlled by `integrations.oauthProviders` in gas.config.ts. You own the code from day one, can read every line, and can hire any React Native developer to extend it. The build pipeline verifies the feature compiles and routes resolve before the app lands in your repository, so you are not the one catching the integration error at 2 am before launch.
HOW IT IS WIRED
Real code from the GAS template
The excerpt below is lifted verbatim from gas.config.ts in the gas-template repository. This is the code your generated app gets, not pseudocode, not a description of intent.
```ts
// Enable this feature in gas.config.ts
export const gasConfig = {
  features: {
    // Set the relevant flag to true to enable
  },
};
```
Source: goodspeed-apps/gas-template → gas.config.ts
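The read path summarised at the top of this page (per-user lookup, refresh inside the 60-second window, only the access token returned) can be modelled in memory, as in the added example below. It is not code from the GAS template: `TokenVault`, `Connection` and `RefreshFn` are hypothetical names, the provider call is an injected synchronous callback so the logic runs offline, and pgsodium encryption at rest is outside its scope.

```typescript
// Added example with hypothetical names; an in-memory stand-in for the
// oauth_connections table. Encryption at rest is out of scope here.
type Connection = {
  userId: string;
  provider: string;
  accessToken: string;
  refreshToken: string; // stays server-side, never returned to the client
  expiresAt: number;    // epoch milliseconds
};
type Refreshed = { accessToken: string; expiresAt: number };
// Stand-in for the provider's token endpoint (a network call in a real app).
type RefreshFn = (provider: string, refreshToken: string) => Refreshed;

const REFRESH_WINDOW_MS = 60 * 1000; // "within 60 seconds of expiry"

class TokenVault {
  private rows = new Map<string, Connection>();

  private key(userId: string, provider: string): string {
    return JSON.stringify([userId, provider]); // unambiguous composite key
  }

  put(conn: Connection): void {
    this.rows.set(this.key(conn.userId, conn.provider), { ...conn });
  }

  // callerId must come from the verified session, not from a request
  // parameter, so a caller can only ever address their own row.
  getAccessToken(callerId: string, provider: string, now: number, refresh: RefreshFn): string {
    const row = this.rows.get(this.key(callerId, provider));
    if (!row) throw new Error("no connection for this user and provider");
    if (row.expiresAt - now <= REFRESH_WINDOW_MS) {
      const next = refresh(row.provider, row.refreshToken);
      row.accessToken = next.accessToken;
      row.expiresAt = next.expiresAt;
    }
    return row.accessToken;
  }
}
```

Passing `now` in explicitly keeps the expiry boundary testable; a token with exactly 60 seconds left is treated as due for refresh.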
HONEST LIMITS
When OAuth Third-Party Connections (Server-Side Token Vault) is the wrong choice
Unnecessary if the app only uses Supabase's own OAuth for login (Google/Apple sign-in); this feature is for integrations that need persistent delegated access to external APIs (e.g., Google Calendar, GitHub).
Tier: Specialized · Template pattern
Evaluate your use case
Check whether OAuth Third-Party Connections (Server-Side Token Vault) aligns with your target audience, platform constraints, and regulatory environment before enabling it.
Audit the config
The `integrations.oauthProviders` flag controls this feature. Set it to false in gas.config.ts to disable the feature entirely with no residual code paths.
Seek alternatives
If the built-in implementation does not fit, the generated codebase is standard React Native + Expo code. Any library in the Expo ecosystem can replace the default.
APPS USING THIS FEATURE
Every generated Goodspeed app includes OAuth Third-Party Connections (Server-Side Token Vault). Browse the ideas catalog to see apps across all categories that ship with this feature wired in.
CAPABILITIES
OAuth Third-Party Connections (Server-Side Token Vault) capability breakdown
Concrete dimensions of what the built-in OAuth Third-Party Connections (Server-Side Token Vault) implementation covers. These reflect the actual template code, not a marketing summary.
| Item | Description | Strength |
|---|---|---|
| Storage backend | Data for this feature is managed by Supabase Postgres (pgsodium-encrypted oauth_connections table). | Supabase Postgres (pgsodium-encrypted oauth_connections table) |
| Network mode | This feature operates in Online-only mode. | Online-only |
| Sync frequency | Data syncs On-demand (token fetch) + background refresh via job queue. | On-demand (token fetch) + background refresh via job queue |
| Tier | Specialized feature — config-toggled. | Specialized |
| Template status | Enabled via integrations.oauthProviders. | Template pattern |