OAuth Apps
Each integration needs its own OAuth app in your account, registered against the third-party. This is unavoidable — the hosted openma.dev uses Anthropic’s app credentials, you need yours.
Skip the integrations you don’t plan to use. The platform works fine with zero integrations.
Linear
Section titled “Linear”-
Create the OAuth app.
Go to linear.app/settings/api → OAuth Applications → New.
-
Fill in:
- Name — anything (e.g. “openma self-hosted”)
- Redirect URLs —
https://integrations.yourdomain.com/linear/oauth/callback - Developer URL — anything
- Webhook URL —
https://integrations.yourdomain.com/linear/webhook - Scopes —
read,write,issues:create,comments:create
-
Capture credentials:
- Client ID
- Client secret
- Webhook signing secret
-
Set as Worker secrets:
Terminal window npx wrangler secret put LINEAR_CLIENT_ID -c apps/integrations/wrangler.jsoncnpx wrangler secret put LINEAR_CLIENT_SECRET -c apps/integrations/wrangler.jsoncnpx wrangler secret put LINEAR_WEBHOOK_SECRET -c apps/integrations/wrangler.jsonc -
Test by installing.
In your Console at
https://app.yourdomain.com, Integrations → Linear → Install. The OAuth round-trip should land you back on the Console with the integration green.
GitHub
Section titled “GitHub”-
Create the GitHub App.
Go to github.com/settings/apps/new (or for an org, the equivalent
https://github.com/organizations/<org>/settings/apps/new). -
Fill in:
- Name — globally unique (e.g.
openma-yourcompany) - Homepage URL —
https://app.yourdomain.com - Callback URL —
https://integrations.yourdomain.com/github/oauth/callback - Webhook URL —
https://integrations.yourdomain.com/github/webhook - Webhook secret — generate with
openssl rand -hex 32 - Permissions:
- Contents: Read & Write
- Issues: Read & Write
- Pull requests: Read & Write
- Metadata: Read
- Subscribe to events —
pull_request,pull_request_review_comment,issue_comment,issues
- Name — globally unique (e.g.
-
After creation:
- Note the App ID.
- Generate a private key — downloads a
.pemfile. - Optionally, install the app on your repos.
-
Set as Worker secrets:
Terminal window npx wrangler secret put GITHUB_APP_ID -c apps/integrations/wrangler.jsoncnpx wrangler secret put GITHUB_WEBHOOK_SECRET -c apps/integrations/wrangler.jsonc# Paste the .pem contents (multi-line) when prompted:npx wrangler secret put GITHUB_PRIVATE_KEY -c apps/integrations/wrangler.jsonc -
Test by installing on a test repo and triggering a webhook (e.g. open a PR and tag the bot).
-
Create the Slack app.
Go to api.slack.com/apps → Create New App → From scratch.
-
Fill in:
- App name — anything
- Workspace — your dev workspace
-
Configure OAuth & Permissions:
- Redirect URLs —
https://integrations.yourdomain.com/slack/oauth/callback - Bot Token Scopes:
app_mentions:readchat:writechannels:historygroups:historyim:historympim:historyfiles:readfiles:write
- Redirect URLs —
-
Enable Event Subscriptions:
- Request URL —
https://integrations.yourdomain.com/slack/events - Subscribe to bot events:
app_mention,message.channels,message.im
- Request URL —
-
Capture credentials:
- Client ID, Client Secret (from Basic Information)
- Signing Secret (from Basic Information)
-
Set as Worker secrets:
Terminal window npx wrangler secret put SLACK_CLIENT_ID -c apps/integrations/wrangler.jsoncnpx wrangler secret put SLACK_CLIENT_SECRET -c apps/integrations/wrangler.jsoncnpx wrangler secret put SLACK_SIGNING_SECRET -c apps/integrations/wrangler.jsonc -
Install to your workspace through the Console: Integrations → Slack → Install.
Custom OAuth (Google sign-in)
Section titled “Custom OAuth (Google sign-in)”If you want Google sign-in for the Console (in addition to email + OTP):
-
Go to console.cloud.google.com/apis/credentials → Create Credentials → OAuth client ID → Web application.
-
Authorized redirect URI:
https://app.yourdomain.com/api/auth/callback/google -
Capture client ID + secret. Set:
Terminal window npx wrangler secret put GOOGLE_CLIENT_IDnpx wrangler secret put GOOGLE_CLIENT_SECRET -
Redeploy main worker.