diff --git a/documentation/appflowy-cloud/openapi/.openapi-generator/FILES b/documentation/appflowy-cloud/openapi/.openapi-generator/FILES
index ba22fa9..d0c3fc7 100644
--- a/documentation/appflowy-cloud/openapi/.openapi-generator/FILES
+++ b/documentation/appflowy-cloud/openapi/.openapi-generator/FILES
@@ -3,6 +3,7 @@ Apis/DatabaseRowDetailsApi.md
Apis/DatabaseRowsApi.md
Apis/DatabaseRowsUpdatedApi.md
Apis/DatabasesApi.md
+Apis/OAuthApi.md
Apis/WorkspacesApi.md
Models/add_database_row.md
Models/createDatabaseRow_200_response.md
@@ -18,6 +19,8 @@ Models/getDatabaseRowIdsUpdated_200_response.md
Models/getDatabaseRowIds_200_response.md
Models/getDatabases_200_response.md
Models/getWorkspaces_200_response.md
+Models/gotrueToken_request.md
+Models/gotrue_token_response.md
Models/icon_type.md
Models/response.md
Models/role.md
diff --git a/documentation/appflowy-cloud/openapi/Apis/OAuthApi.md b/documentation/appflowy-cloud/openapi/Apis/OAuthApi.md
new file mode 100644
index 0000000..e11eef5
--- /dev/null
+++ b/documentation/appflowy-cloud/openapi/Apis/OAuthApi.md
@@ -0,0 +1,70 @@
+# OAuthApi
+
+All URIs are relative to *https://beta.appflowy.cloud*
+
+| Method | HTTP request | Description |
+|------------- | ------------- | -------------|
+| [**gotrueToken**](OAuthApi.md#gotrueToken) | **POST** /gotrue/token | Get a new access token and refresh token based on grant type |
+| [**oauthRedirectToken**](OAuthApi.md#oauthRedirectToken) | **GET** /web-api/oauth-redirect/token | Sign in with AppFlowy OAuth 2.0 |
+
+
+
+# **gotrueToken**
+> gotrue_token_response gotrueToken(grant\_type, gotrueToken\_request)
+
+Get a new access token and refresh token based on grant type
+
+ This endpoint is used to obtain a new access token and refresh token based on the grant type.
+
+### Parameters
+
+|Name | Type | Description | Notes |
+|------------- | ------------- | ------------- | -------------|
+| **grant\_type** | **String**| The grant type of the OAuth 2.0 flow being used to obtain an access token. This can be one of the following: - `refresh_token`: Used to exchange a refresh token for an access token. - `password`: Used to exchange a username and password for an access token. - `id_token`: Used to exchange an ID token for an access token. - `pkce`: Used to exchange an authorization code for an access token. | [default to null] |
+| **gotrueToken\_request** | [**gotrueToken_request**](../Models/gotrueToken_request.md)| The request body for obtaining an access token | |
+
+### Return type
+
+[**gotrue_token_response**](../Models/gotrue_token_response.md)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+
+# **oauthRedirectToken**
+> gotrue_token_response oauthRedirectToken(code, grant\_type, client\_id, client\_secret, redirect\_uri, code\_verifier)
+
+Sign in with AppFlowy OAuth 2.0
+
+ This endpoint is used obtain an access token from AppFlowy OAuth 2.0. This is called after user tried to sign in with AppFlowy OAuth (/web-api/oauth-redirect). This is primarily used integration with third-party applications.
+
+### Parameters
+
+|Name | Type | Description | Notes |
+|------------- | ------------- | ------------- | -------------|
+| **code** | **String**| The authorization code received from the redirect. | [default to null] |
+| **grant\_type** | **String**| Type of OAuth 2.0 flow being used to exchange the authorization code for an access token. | [default to null] |
+| **client\_id** | **String**| The client ID of the application | [optional] [default to null] |
+| **client\_secret** | **String**| The client's secret (if applicable, for confidential clients). | [optional] [default to null] |
+| **redirect\_uri** | **String**| The redirect URI used in the initial authorization request. | [optional] [default to null] |
+| **code\_verifier** | **String**| Used in PKCE (Proof Key for Code Exchange) to secure public clients. | [optional] [default to null] |
+
+### Return type
+
+[**gotrue_token_response**](../Models/gotrue_token_response.md)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+- **Content-Type**: Not defined
+- **Accept**: application/json
+
diff --git a/documentation/appflowy-cloud/openapi/Models/gotrue_token_response.md b/documentation/appflowy-cloud/openapi/Models/gotrue_token_response.md
new file mode 100644
index 0000000..811dd39
--- /dev/null
+++ b/documentation/appflowy-cloud/openapi/Models/gotrue_token_response.md
@@ -0,0 +1,9 @@
+# gotrue_token_response
+## Properties
+
+| Name | Type | Description | Notes |
+|------------ | ------------- | ------------- | -------------|
+| **access\_token** | **String** | The token that clients use to make authenticated requests to the server or API. It is a bearer token that provides temporary, secure access to server resources. | [optional] [default to null] |
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
diff --git a/documentation/appflowy-cloud/openapi/README.md b/documentation/appflowy-cloud/openapi/README.md
index 9a0cc49..113b84a 100644
--- a/documentation/appflowy-cloud/openapi/README.md
+++ b/documentation/appflowy-cloud/openapi/README.md
@@ -14,6 +14,8 @@ All URIs are relative to *https://beta.appflowy.cloud*
*DatabaseRowsApi* | [**upsertDatabaseRow**](Apis/DatabaseRowsApi.md#upsertdatabaserow) | **PUT** /api/workspace/{workspace_id}/database/{database_id}/row | Updates or creates a row in a selected database. (Upsert) |
| *DatabaseRowsUpdatedApi* | [**getDatabaseRowIdsUpdated**](Apis/DatabaseRowsUpdatedApi.md#getdatabaserowidsupdated) | **GET** /api/workspace/{workspace_id}/database/{database_id}/row/updated | Retrieves a list of database row id which are recently updated in a selected database. |
| *DatabasesApi* | [**getDatabases**](Apis/DatabasesApi.md#getdatabases) | **GET** /api/workspace/{workspace_id}/database | Retrieves a list of database in a workspace |
+| *OAuthApi* | [**gotrueToken**](Apis/OAuthApi.md#gotruetoken) | **POST** /gotrue/token | Get a new access token and refresh token based on grant type |
+*OAuthApi* | [**oauthRedirectToken**](Apis/OAuthApi.md#oauthredirecttoken) | **GET** /web-api/oauth-redirect/token | Sign in with AppFlowy OAuth 2.0 |
| *WorkspacesApi* | [**getWorkspaces**](Apis/WorkspacesApi.md#getworkspaces) | **GET** /api/workspace | Retrieves a list of all workspaces |
@@ -34,6 +36,8 @@ All URIs are relative to *https://beta.appflowy.cloud*
- [getDatabaseRowIds_200_response](./Models/getDatabaseRowIds_200_response.md)
- [getDatabases_200_response](./Models/getDatabases_200_response.md)
- [getWorkspaces_200_response](./Models/getWorkspaces_200_response.md)
+ - [gotrueToken_request](./Models/gotrueToken_request.md)
+ - [gotrue_token_response](./Models/gotrue_token_response.md)
- [icon_type](./Models/icon_type.md)
- [response](./Models/response.md)
- [role](./Models/role.md)
diff --git a/documentation/appflowy-cloud/openapi/components/gotrue_token_response.yaml b/documentation/appflowy-cloud/openapi/components/gotrue_token_response.yaml
new file mode 100644
index 0000000..e3a74b9
--- /dev/null
+++ b/documentation/appflowy-cloud/openapi/components/gotrue_token_response.yaml
@@ -0,0 +1,36 @@
+type: object
+properties:
+ access_token:
+ type: string
+ description: >
+ The token that clients use to make authenticated requests to the server or API.
+ It is a bearer token that provides temporary, secure access to server resources.
+ token_type:
+ type: string
+ description: >
+ The type of token. It is always "Bearer".
+ expires_in:
+ type: integer
+ description: >
+ Seconds until the access_token expires.
+ expires_at:
+ type: integer
+ description: >
+ A timestamp in seconds indicating the exact time at which the access_token will expire.
+ refresh_token:
+ type: string
+ description: >
+ The refresh token is used to obtain a new access_token once the current access_token expires.
+ Refresh tokens are usually long-lived and are stored securely by the client.
+ user:
+ type: object
+ description: >
+ The user object contains information about the user that is currently authenticated.
+ provider_access_token:
+ type: string
+ description: >
+ The access token from the provider.
+ provider_refresh_token:
+ type: string
+ description: >
+ The refresh token from the provider.
diff --git a/documentation/appflowy-cloud/openapi/openapi.yaml b/documentation/appflowy-cloud/openapi/openapi.yaml
index 14a6527..e81641f 100644
--- a/documentation/appflowy-cloud/openapi/openapi.yaml
+++ b/documentation/appflowy-cloud/openapi/openapi.yaml
@@ -11,6 +11,10 @@ info:
servers:
- url: https://beta.appflowy.cloud
paths:
+ /gotrue/token:
+ $ref: './paths/gotrue_token.yaml'
+ /web-api/oauth-redirect/token:
+ $ref: './paths/oauth_redirect_token.yaml'
/api/workspace:
$ref: './paths/workspace.yaml'
/api/workspace/{workspace_id}/database:
diff --git a/documentation/appflowy-cloud/openapi/paths/oauth_redirect_token.yaml b/documentation/appflowy-cloud/openapi/paths/oauth_redirect_token.yaml
new file mode 100644
index 0000000..ce542a3
--- /dev/null
+++ b/documentation/appflowy-cloud/openapi/paths/oauth_redirect_token.yaml
@@ -0,0 +1,54 @@
+get:
+ summary: Sign in with AppFlowy OAuth 2.0
+ description: >
+ This endpoint is used obtain an access token from AppFlowy OAuth 2.0.
+ This is called after user tried to sign in with AppFlowy OAuth (/web-api/oauth-redirect).
+ This is primarily used integration with third-party applications.
+ operationId: oauthRedirectToken
+ tags:
+ - OAuth
+ parameters:
+ - name: code
+ in: query
+ description: The authorization code received from the redirect.
+ required: true
+ schema:
+ type: string
+ - name: client_id
+ in: query
+ description: The client ID of the application
+ required: false
+ schema:
+ type: string
+ - name: client_secret
+ in: query
+ description: The client's secret (if applicable, for confidential clients).
+ required: false
+ schema:
+ type: string
+ - name: grant_type
+ in: query
+ description: Type of OAuth 2.0 flow being used to exchange the authorization code for an access token.
+ required: true
+ schema:
+ type: string
+ - name: redirect_uri
+ in: query
+ description: The redirect URI used in the initial authorization request.
+ required: false
+ schema:
+ type: string
+ - name: code_verifier
+ in: query
+ description: Used in PKCE (Proof Key for Code Exchange) to secure public clients.
+ required: false
+ schema:
+ type: string
+
+ responses:
+ '200':
+ description: Successfully obtained an access token
+ content:
+ application/json:
+ schema:
+ $ref: '../components/gotrue_token_response.yaml'