Skip to Content
Use Arcade ToolsIn Your Agent / AppUser Authentication Patterns

User Authentication Patterns

When building user-facing applications with Arcade, you need to decide how users will authenticate with the services your accesses. This page covers the three main patterns.

This is critical for production apps. Understanding these patterns will save you significant debugging time.

Pattern 1: Pre-authorized (Your Credentials)

Use your own or OAuth tokens. The acts as you, not as the end .

When to use:

  • Internal and automations
  • Single- applications
  • Testing and development

Example: A Slack bot that posts to your company’s #announcements channel using your Slack credentials.

Python
# You've already authorized during setup
# All requests use your stored credentials
response = client.tools.execute(
    tool_name="Slack.SendMessage",
    inputs={"channel": "#announcements", "message": "Hello!"}
)

Pattern 2: User-facing (OAuth Popup)

Each user authorizes their own . The acts on behalf of each individual .

When to use:

  • Multi- SaaS applications
  • Apps where manage their own data
  • Production applications

Example: A productivity app where each connects their own Gmail to summarize their emails.

Python
# Check if user has authorized
auth_status = client.auth.status(
    tool_name="Google.ListEmails",
    user_id="user_123"
)
 
if auth_status.status == "not_authorized":
    # Redirect user to authorization URL
    return redirect(auth_status.authorization_url)
 
# User is authorized, execute the tool
response = client.tools.execute(
    tool_name="Google.ListEmails",
    user_id="user_123"
)

See detailed OAuth flow guide →

Pattern 3: Headless / CLI (Device Flow)

For command-line and environments without a browser.

When to use:

  • CLI applications
  • Server-side batch jobs
  • Environments without a UI

Example: A CLI that posts to Twitter on your behalf.

Python
# Start device authorization flow
auth = client.auth.start_device_flow(
    tool_name="Twitter.PostTweet",
    user_id="user_123"
)
 
print(f"Go to {auth.verification_url} and enter code: {auth.user_code}")
 
# Poll for completion
client.auth.wait_for_completion(auth.device_code)

Comparison Table

PatternMulti-userRequires UIComplexity
Pre-authorizedNoNoLow
User-facing OAuthYesYesMedium
Headless/DeviceYesNoMedium

Working Examples

See these patterns in action:

Common Issues

”User not authorized” errors

The user hasn’t completed OAuth for the requested service. Check auth status before calling .

Token expiration

OAuth tokens expire. Arcade handles refresh automatically, but you may see brief delays during token refresh.

Wrong user context

Make sure you’re passing the correct user_id to associate calls with the right ’s credentials.

See troubleshooting guide →

Last updated on
Choose Your FrameworkHandle Auth Status & Errors