Improved Coinbase Connect (OAuth2)

Coinbase Connect

We’re excited to release an improved version of Coinbase Connect, the OAuth2 implementation that allows developers to connect to Coinbase wallets.

Coinbase Connect’s authorization view (aka permissions dialogue), shown to users when they are authorizing applications, has been redesigned from the ground up. Permissions are now organized into logical groups. Permissions such as send bitcoin, show user’s email and others that afford developers nontrivial responsibility, are clearly and individually displayed to the user, while permissions that deliver significantly less sensitive information are bundled together.

We’re also introducing the concept of “application controlled wallets.” Previously, an application would by default request and gain access to all of user’s wallets. Now the authorization dialogue lets the user specify one wallet to link with the app, or to create a new associated wallet. Apps may still request to access to all of user’s wallets (e.g. for tax reporting). Account access is easily controlled with a new account parameter in the authorization URL. You can find more info in the OAuth reference documentation.

After introducing send limits earlier this year, we have now also included the option for the users to change their send limits when authorizing an application.

What does this mean for existing applications?

All existing applications will continue to work without interruption. This includes retaining access to all accounts by default. We encourage developers to update their applications to only access one wallet, by directing new users to enter the new authorization flow. This can be triggered for existing users by using the account=select parameter within the OAuth authorization URL.

Finally, since we have added more application information to the Coinbase Connect auth dialogue, we also recommended that developers complete and/or update their developer information and logos in their OAuth application settings.

Please note: We’re hiring engineers (both in our San Francisco office and remote anywhere in the world). If you’re interested in speaking with us about a role we’ve set up a coding challenge that you can take in about 30–45 minutes. You can also apply through our careers site if you prefer to start the conversation that way.

Written by Jori Lallo