# Connecting an app

Connect an app from Settings → Connections. Browse the catalog by category, pick an app, then connect it the way it supports — a one-click OAuth handshake, your own OAuth app, or by pasting an API key.

## Browse by category

- 01Open ConnectionsOpen Settings (⌘, / Ctrl+,) → Connections. You’ll see your connected apps; click Add connection to browse the catalog.Add a connectionSettings → Connections → Add connection.
- 02Find an appApps are grouped into categories — Development, Databases, AI & Search, Deployment & Cloud, Productivity, Automation, and Monitoring. Use the search box to filter by name or description. Apps you’ve already connected show a check; apps that support a hosted handshake show an OAuth tag.
- 03Pick itClick an app to open its config form. The form shows exactly the fields that app needs — some need none at all.

## Three ways to connect

Which controls appear depends on the connector. Foxora picks the most convenient method an app supports and falls back gracefully.

### One-click OAuth

When an app supports a Foxora-hosted OAuth handshake, you get a Connect with… button — no token to paste. Click it and the app opens in your browser to authorize. The panel shows “Waiting for authorization in your browser…” and polls until the connection lands, then drops you back to the list.

### Your own OAuth app (Google / Microsoft)

For Google and Microsoft apps where Foxora-hosted OAuth isn’t set up, you can authorize with your own OAuth app:

- Google — paste your Google Cloud OAuth client JSON (a Desktop app client), then click Authorize. Add http://127.0.0.1:9787/auth/callback as a redirect URI in Google Cloud Console first.
- Microsoft — enter your Azure app’s client ID and client secret (and optionally a tenant ID), add the same loopback redirect URI, then click Authorize.

Some Google connectors (Gmail, Calendar, Drive) instead take a service-account or OAuth-client JSON that the MCP server itself authorizes on first use — you paste the JSON, and the browser consent happens the first time the agent uses it.

### API key or connection string

Most connectors just need a credential pasted into a field — a personal access token, an API key, or a database connection string. Each field carries a Get it → link to where you generate the value. Click Connect when the form validates.

> No credentials neededSome connectors — like the project-jailed File System and Git servers, or Docker and Playwright — need no config at all. The form simply says “No credentials needed — just connect.”

> Update or remove anytimeRe-opening a connected app shows Update connection. In the list, hover a row to reveal the remove button. Removing a connection pulls its tools from future sessions.