Set up secure OAuth sign-in so Claude, Cursor, and other MCP clients connect without manually copying long tokens.
Overview
Some AI tools – especially Claude.ai – support OAuth, a standard way to sign in through your browser instead of pasting a secret token. Odoo MCP Connection includes built-in OAuth support so your team can authorize access safely.
Each OAuth client is linked to an API key and an Odoo user. When someone completes sign-in in Claude, they get access with the same permissions as that key.
You can create OAuth clients from Odoo MCP Connection → OAuth Clients or directly from an API key using Create OAuth Client.
How It Works
- You create an OAuth client in Odoo and copy the Client ID and Client Secret.
- In Claude (or another tool), you enter your Odoo MCP URL and the client credentials.
- Claude opens a browser window asking you to sign in to Odoo and approve access.
- Odoo issues a temporary authorization code, which Claude exchanges for an access token.
- All subsequent AI requests use that token and are logged like any other API key activity.
For Claude specifically, you must add this redirect address: https://claude.ai/api/mcp/auth_callback
Your Odoo site must use HTTPS in production for OAuth to work with Claude.
Step-by-Step Guide
Option A – From an existing API key
- Open your API key in Odoo MCP Connection → API Keys.
- In the OAuth (Claude / Cursor) section, click Create OAuth Client.
- Odoo generates Client ID, Client Secret, and redirect URIs automatically.
- Copy Client ID, Client Secret, and MCP Endpoint from the form.
- In Claude’s MCP settings, paste the MCP URL (with
?db=) and the client credentials. - Complete the browser authorization when Claude prompts you.
Option B – New OAuth client from scratch
- Go to Odoo MCP Connection → OAuth Clients → New.
- Enter a Name (e.g. “Claude – Marketing Team”).
- Select the Odoo User this connection should act as.
- In Redirect URIs, add
https://claude.ai/api/mcp/auth_callback(one per line). - Save. Copy the Client ID and Client Secret.
- Configure Claude with your MCP endpoint URL and these credentials.
Fields Table
| Field Name | Description | Example |
|---|---|---|
Name |
Label for this OAuth connection |
Claude – Sales Team |
Active |
Turn off to block new sign-ins |
Checked |
Client ID |
Public identifier you give to the AI tool |
Random string (auto-generated) |
Client Secret |
Private password for the AI tool – keep confidential |
Random string (auto-generated) |
Redirect URIs |
Allowed callback addresses after sign-in |
Apps → Update Apps Lis |
Odoo User |
User account used after successful OAuth |
Sales Manager |
Linked API Key |
API key created automatically for MCP calls |
OAuth: Claude – Sales Team |
Scope |
Permission scope for the token |
mcp |
OAuth Token URL |
Address where tools exchange credentials (on API key form) |
https://mycompany.odoo.com/mcp/oauth/token?db=main |
OAuth Authorize URL |
Browser sign-in page address |
https://mycompany.odoo.com/authorize?db=main |
Field Explanations
Name
Helps you identify this OAuth setup in lists. Include the AI product and team name.
Active
Disable to prevent new authorizations without deleting the client record.
Client ID
Safe to share with the AI tool configuration. It is not secret on its own but must pair with the Client Secret.
Client Secret
Treat like a password. Only enter it in trusted AI tool settings. Use Generate Secret to create a new one if compromised.
Redirect URIs
Tells Odoo which websites may receive users after login. Claude requires its specific callback URL. Add one URI per line.
Odoo User
Determines what data and actions are available after OAuth sign-in – same as for a regular API key.
Linked API Key
Created automatically behind the scenes. MCP requests after OAuth use this key’s permissions and appear in its audit logs.
Scope
Defines the access scope. The default mcp value is correct for standard MCP connections.
OAuth Token URL & Authorize URL
Technical addresses shown on the linked API key. Advanced setups may need these; most users only need Client ID, Secret, and MCP endpoint.
Tips
- For Claude, use the one-click Create OAuth Client button on an API key – it pre-fills the correct redirect URI.
- If OAuth fails with security errors, verify your Odoo site URL starts with
https://and that your server is configured for HTTPS behind a reverse proxy. - You can still use plain API keys (bearer tokens) for tools that do not support OAuth – both methods work side by side.
Common Mistakes
- Missing Claude redirect URI: Without
https://claude.ai/api/mcp/auth_callback, authorization will fail after login. - HTTP instead of HTTPS: Claude requires a secure connection. HTTP-only Odoo sites will not work for OAuth.
- Forgetting ?db= in the MCP URL: On servers with multiple databases, Claude must connect to the correct database. Copy the full URL from the API Console.