Chat-App OAuth Connectors
Claude, ChatGPT, Cowork, and similar hosted connectors use OAuth 2.1 instead of asking users to paste a static API key.
How the connector signs in
Some hosted chat apps do not ask users to paste a static API key for remote MCP servers. In those clients, Novabrand uses the standard OAuth connector flow: the user signs in, approves access, and the chat app receives a token it can use only for MCP.
- 1
Enter the Novabrand MCP URL in the connector:
https://api.novabrand.ai/mcp. - 2
The chat app discovers the Novabrand sign-in flow automatically.
- 3
Sign in to Novabrand and approve the connector request.
- 4
The connector receives MCP-only access and calls
/mcpon your behalf. - 5
Revoke the connected key in Novabrand if you want to disconnect the chat app.
Discovery endpoints
/.well-known/oauth-protected-resourcenoneProtected-resource metadata for MCP OAuth discovery.
/.well-known/oauth-protected-resource/mcpnoneCompatibility alias for clients that derive metadata from `/mcp`.
Direct agents can still use API keys
Coding agents and server-side tools that support bearer tokens can connect directly with an mcp-scoped nb_sk_... key. Hosted chat apps should use the OAuth connector flow when their UI asks the user to sign in.
