Back to Documentation
Authentication
Authentication
mdsync.app uses OAuth 2.0 to securely connect your accounts. You'll need to authenticate with three services:
Primary Authentication: Google
- Required: Yes, this is your main account
- Purpose: User authentication and account management
- How: Sign in with Google when you first visit mdsync.app
- Data: We collect your email, name, and profile picture
GitHub Authentication
- Required: Yes, to sync repositories
- Purpose: Access your GitHub repositories and manage webhooks
- Scopes:
repo - Read repository contents
- admin:repo_hook - Create and manage webhooks
- How: Click "Connect GitHub" in the dashboard
- Security: Your GitHub access token is encrypted before storage
Notion Authentication
- Required: Yes, to sync to Notion
- Purpose: Create and update pages in your Notion workspace
- Scopes: Full workspace access (as granted during authorization)
- How: Click "Connect Notion" in the dashboard
- Security: Your Notion access token is encrypted before storage
Managing Connections
- View Status: Check connection status in the dashboard
- Disconnect: Click "Disconnect" to revoke access (synchronizations will pause)
- Reconnect: Click "Connect" again to re-authorize
- Security: All OAuth tokens are encrypted using AES encryption
Token Security
All OAuth tokens are:
- Encrypted using AES encryption before database storage
- Only accessible server-side (never exposed to client)
- Automatically deleted when you disconnect an account
- Revoked immediately upon account deletion