Authentication

MCP Servers — OAuth 2.0 + PKCE

All MCP servers authenticate using OAuth 2.0 with PKCE (Proof Key for Code Exchange). This is the standard auth flow for MCP clients.

Flow

  1. Your MCP client initiates an OAuth authorization request
  2. The user authenticates via the EZBiz login page
  3. An authorization code is returned to the client
  4. The client exchanges the code for an access token (with PKCE verification)
  5. The access token is used for all subsequent tool calls
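
The PKCE parts of steps 1, 3 and 4, sketched as an added example (not EZBiz code). The endpoint URL, client ID and redirect URI are placeholders, and the S256 challenge method and the `state` check are assumptions, since the page does not specify them.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders: the page does not give endpoint URLs or a client id.
AUTHORIZE_URL = "https://auth.example.invalid/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "http://127.0.0.1:8765/callback"


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """32 random bytes -> 43-char verifier (RFC 7636 allows 43-128 chars)."""
    return _b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(verifier)))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(verifier: str, state: str) -> str:
    """Step 1: only the challenge leaves the client; the verifier stays local."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def callback_state_ok(callback_url: str, expected_state: str) -> bool:
    """Step 3, client side: reject a callback whose state does not match."""
    got = parse_qs(urlparse(callback_url).query).get("state", [""])[0]
    return hmac.compare_digest(got.encode(), expected_state.encode())


def server_verifies(stored_challenge: str, presented_verifier: str) -> bool:
    """Step 4, server side: recompute the challenge, compare in constant time."""
    return hmac.compare_digest(code_challenge_s256(presented_verifier), stored_challenge)
```

An authorization code intercepted on the redirect is useless without the verifier, which is why the verifier is generated per request and never placed in the authorization URL.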

Token Refresh

Access tokens expire after 1 hour. Your MCP client should handle automatic token refresh using the refresh token provided during the initial auth flow.

PDFShift & SEO Toolkit — Supabase Auth

Both web applications use Supabase authentication with session-based auth cookies.

  • Sign up with email/password
  • Sessions are managed via @supabase/ssr middleware
  • Shared auth — one account works for both PDFShift and SEO Toolkit

AI Front Office — Dashboard Auth

Client dashboards use a separate auth system provided during onboarding. Credentials are set during the setup process.

Stripe Billing

Pro features across all products are gated by Stripe subscription status. The auth system checks your subscription tier on each request.