Securing select ChatGPT plugin functions using OAuth 2.0 Authorization Code Grant Type

At Poly API, we continue to trailblaze the journey towards mainstream generative adoption. We don’t just practice what we preach internally, but we’re also at the forefront of offering this transformative service to our customers.

In my previous posts, I have discussed the essential prerequisites for harnessing the full potential of #ChatGPT Plugins (and future LLM-based AI Agents) to create new innovative commercial channels. I’ve outlined the critical steps of developing plugins that can access a controlled, scoped set of APIs and securely process payments.

Today, I’m thrilled to present the third, and what I believe is the final piece of the puzzle – the ability for ChatGPT users to securely log in using an enterprise’s own OAuth2 Authorization servers, via the Authorization Code Grant Type. This paves the way for enterprises to construct commercial channels with AI Agents, all while adhering to their stringent security and governance standards in protecting their clients’ privacy and data.

One of the most exciting aspects of this feature is its versatility. It offers a “just-in-time” login experience, allowing users to first engage with a company via the AI Agent before needing to log in. It also allows enterprises to use their preferred OAuth 2 Authorization service to protect resources which may have less secure or different Authorization Models.

To give you a hands-on experience of this groundbreaking innovation, I’ve created a demo where Auth0 serves as the authorization provider, Shopify acts as the resource, and Poly enables a developer to weave these elements together to deliver an unmatched user experience.

Enjoy the demo, and as always, I encourage you to reach out should you wish to explore implementing something similar within your enterprise. #AI#OAuth2#PolyTech#GenerativeAdoption

Please note this feature will be generally available in Poly Beta2