White-labeling authentication
White-labeling lets you use your own OAuth apps instead of Devcaster's. Users will see your app name on consent screens instead of "Devcaster".
By default, OAuth screens show Devcaster's branding. With white-labeling, they'll see your app name and logo.
Create a developer app in the toolkit's developer portal. You'll need the client ID and client secret. Set the callback URL to:
https://backend.devcaster.dev/api/v3/toolkits/auth/callbackFor step-by-step guides on creating OAuth apps for some toolkits, see devcaster.dev/auth.
Create an auth config in the Devcaster dashboard:
- Go to Authentication management → Create Auth Config
- Select the toolkit (e.g., GitHub)
- Choose OAuth2 scheme
- Enter your Client ID and Client Secret
- Select the scopes you need
- Click Create
Copy the auth config ID (e.g., ac_1234abcd).
For detailed instructions with screenshots, see Custom auth configs.
Pass your auth config ID in the session:
session = devcaster.create(
user_id="user_123",
auth_configs={
"github": "ac_your_github_config"
},
)import { Devcaster } from '@devcaster/core';
const devcaster = new Devcaster({ apiKey: 'your_api_key' });
// ---cut---
const session = await devcaster.create("user_123", {
authConfigs: {
github: "ac_your_github_config",
},
});When users connect GitHub, they'll see your OAuth app's name and logo on the consent screen.
Mixing custom and Devcaster-managed auth
You can white-label some toolkits while using Devcaster's managed credentials for others:
session = devcaster.create(
user_id="user_123",
auth_configs={
"github": "ac_your_github_config",
"slack": "ac_your_slack_config",
# gmail, linear, etc. use Devcaster managed auth
},
)import { Devcaster } from '@devcaster/core';
const devcaster = new Devcaster({ apiKey: 'your_api_key' });
// ---cut---
const session = await devcaster.create("user_123", {
authConfigs: {
github: "ac_your_github_config",
slack: "ac_your_slack_config",
// gmail, linear, etc. use Devcaster managed auth
},
});Custom redirect domain
When users authenticate, they briefly see backend.devcaster.dev in their browser URL. Devcaster needs to receive the OAuth callback to capture and store the authentication tokens.
If you need to hide this URL (for enterprise compliance or complete white-labeling), you can proxy the redirect through your own domain:
- Set your OAuth app's redirect URI to your domain:
https://yourdomain.com/api/devcaster-redirect- Create an endpoint that forwards the OAuth callback to Devcaster:
from fastapi import FastAPI, Request
from fastapi.responses import RedirectResponse
app = FastAPI()
@app.get("/api/devcaster-redirect")
def devcaster_redirect(request: Request):
# Forward all OAuth parameters to Devcaster
devcaster_url = "https://backend.devcaster.dev/api/v3/toolkits/auth/callback"
return RedirectResponse(url=f"{devcaster_url}?{request.url.query}")// pages/api/devcaster-redirect.ts (Next.js)
import type { NextApiRequest, NextApiResponse } from "next";
export default function handler(req: NextApiRequest, res: NextApiResponse) {
// Forward all OAuth parameters to Devcaster
const devcasterUrl = "https://backend.devcaster.dev/api/v3/toolkits/auth/callback";
const params = new URLSearchParams(req.query as Record<string, string>);
res.redirect(302, `${devcasterUrl}?${params.toString()}`);
}- Update your auth config in the Devcaster dashboard to use your custom redirect URI.
This makes the OAuth flow go through your domain first, then to Devcaster for token storage.