--- title: "OAuthApplication" description: "The `OAuthApplication` entity." section: "Reference" group: "Types" order: 154 --- ## Definition ```ts interface OAuthApplication { clientId: string; name: string; type: "public" | "web" | "native" | "user-agent-based"; redirectUrls: Array; ownerOrgId: string; allowedScopes: Array<"workspace:read" | "workspace:write">; isFirstParty: boolean; disabled: boolean; createdAt: string; updatedAt: string; } ``` ## Fields | Field | Type | Notes | | --------------- | ----------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `clientId` | `string` | `required` — OAuth client identifier — what 3rd-party apps pass on the authorize URL. | | `name` | `string` | `required` — Display name shown on the consent screen. | | `type` | `"public" \| "web" \| "native" \| "user-agent-based"` | `required` | | `redirectUrls` | `Array` | `required` — Exact-match list of allowed redirect URLs. | | `ownerOrgId` | `string` | `required` — Organization that owns / manages this application. | | `allowedScopes` | `Array<"workspace:read" \| "workspace:write">` | `required` — Upper bound of scopes this app may ever request. | | `isFirstParty` | `boolean` | `required` — Aeontel-internal trust flag. First-party apps may request unbound (workspace_id = null) tokens and skip consent. Set via direct DB by Aeontel admins only. | | `disabled` | `boolean` | `required` — If true, all authorize / token requests are rejected. | | `createdAt` | `string` | `readonly` `required` — ISO-8601 timestamp of creation. | | `updatedAt` | `string` | `readonly` `required` — ISO-8601 timestamp of last update. |