Recipe 19 — OAuth 2.1 partner integration (server-to-server)
Status: ⏸ Coming M6+ TZ reference: TZ-10 §3.11 (
tz10-oauthgate)
The /oauth/token endpoint (OAuth 2.1 Authorization Code + PKCE for user-
facing flows, OAuth 2.0 Client Credentials for M2M partner integrations)
ships in M6+ Public Beta. The Day-0 auth seam is opaque Bearer (JWT or
cag_live_* API key); the SDK accepts both without local validation.
When OAuth lands the SDK will gain:
client.oauth.exchange_authorization_code(...)for Authorization-Code flowclient.oauth.client_credentials(...)for M2M partner integrations- Automatic token refresh inside the long-lived
CryptoAIClient
For Day-0 partner integrations, mint a long-lived API key (cag_live_*)
out-of-band and use it directly as apiKey on the client.