Fern supports OAuth as a first class citizen
diff --git a/fern/products/sdks/reference/generators-yml-reference.mdx b/fern/products/sdks/reference/generators-yml-reference.mdx
index 7bfa46d98..378b49702 100644
--- a/fern/products/sdks/reference/generators-yml-reference.mdx
+++ b/fern/products/sdks/reference/generators-yml-reference.mdx
@@ -57,9 +57,13 @@ groups:
## `auth-schemes`
-Define authentication methods for your API that your endpoints can reference. Choose from custom headers (API keys), HTTP Basic, Bearer token, or OAuth 2.0 authentication.
+Define authentication methods for your API that your endpoints can reference. Authentication schemes defined in `generators.yml` take precedence over authentication schemes defined in your spec.
-Alternatively, you can [define authentication for individual SDKs](#override-api-authentication-settings).
+Choose from custom headers (API keys), HTTP Basic, Bearer token, or OAuth 2.0 authentication.
+
+
+ Alternatively, you can [define authentication for individual SDKs](#override-api-authentication-settings).
+
```yaml title="generators.yml" maxLines=10
auth-schemes:
@@ -95,7 +99,7 @@ auth-schemes:
-
+
#### `get-token`
diff --git a/fern/products/sdks/snippets/oauth-get-token.mdx b/fern/products/sdks/snippets/oauth-get-token.mdx
index 938bf9569..b739cedcd 100644
--- a/fern/products/sdks/snippets/oauth-get-token.mdx
+++ b/fern/products/sdks/snippets/oauth-get-token.mdx
@@ -1,6 +1,6 @@
-Configuration for the token acquisition endpoint.
+Specifies the endpoint that exchanges client credentials for an access token. This endpoint is called automatically when the SDK client is initialized.
-```yaml
+```yaml title="generators.yml"
get-token:
endpoint: "auth.get_token"
request-properties:
@@ -12,29 +12,29 @@ get-token:
```
- The endpoint to get the access token, such as `'auth.get_token'`.
+ The endpoint that issues access tokens, such as `'auth.get_token'`.
- Customizes the property names used in the token request.
+ Maps OAuth parameter names to your API's request field names. Use this when your token endpoint expects different field names than the OAuth standard (e.g., your API uses `clientId` instead of `client_id`).
-
- The property name for the client ID in the request.
+
+ The request field name for the client ID in your API (e.g., `"clientId"`, `"client_id"`).
-
- The property name for the client secret in the request.
+
+ The request field name for the client secret in your API (e.g., `"clientSecret"`, `"client_secret"`).
-
- The property name for the scopes in the request.
+
+ The request field name for scopes in your API (e.g., `"scope"`, `"scopes"`).
- Maps custom property names in your OAuth token response (e.g., if your API returns `accessToken` instead of `access_token`).
+ Maps your API's response field names to OAuth standard names. Use this when your API returns tokens with different field names (e.g., `accessToken` instead of `access_token`).
-
- The property name for the access token in the response.
+
+ The response field name for the access token in your API (e.g., `"accessToken"`, `"access_token"`).
-
- The property name for the expires in property in the response.
+
+ The response field name for token expiration time in seconds (e.g., `"expiresIn"`, `"expires_in"`). When present, the SDK automatically refreshes tokens before expiration.
- The property name for the refresh token in the response.
+ The response field name for the refresh token in your API (e.g., `"refreshToken"`, `"refresh_token"`). Required if using the `refresh-token` flow.
\ No newline at end of file
diff --git a/fern/products/sdks/snippets/oauth-params.mdx b/fern/products/sdks/snippets/oauth-params.mdx
index f101392df..c19c2541b 100644
--- a/fern/products/sdks/snippets/oauth-params.mdx
+++ b/fern/products/sdks/snippets/oauth-params.mdx
@@ -1,6 +1,10 @@
-Configure OAuth 2.0 client credentials authentication.
+
+ For Fern Definition, you can configure OAuth authentication either in `generators.yml` or [directly in your `api.yml` file](/api-definitions/ferndef/authentication#oauth-client-credentials). For OpenAPI, [OAuth must be configured in `generators.yml`](/api-definitions/openapi/authentication#oauth-client-credentials).
+
-```yaml
+Configure OAuth 2.0 client credentials authentication. Optionally configure a `refresh-token` endpoint for token renewal without re-authentication.
+
+```yaml title="generators.yml" maxLines=10
auth-schemes:
my-oauth: # User-defined scheme name
scheme: oauth
@@ -31,15 +35,14 @@ auth-schemes:
expires-in: "expires_in"
refresh-token: "refresh_token"
```
-
Must be set to `"oauth"` for OAuth authentication schemes.
-
- The OAuth flow type. Currently only `"client-credentials"` is supported.
+
+ The OAuth 2.0 grant type. Currently only `"client-credentials"` is supported.
-
- List of OAuth scopes to request during authentication.
+
+ OAuth scopes to request when obtaining access tokens (e.g., `"read:users"`, `"write:orders"`).
Environment variable name containing the OAuth client ID. When specified, the generated SDK will automatically scan for this environment variable at initialization.
@@ -48,8 +51,8 @@ auth-schemes:
Environment variable name containing the OAuth client secret. When specified, the generated SDK will automatically scan for this environment variable at initialization.
- Sets the token header value prefix.
+ Prefix added to the access token in the Authorization header (e.g., `"Bearer"` results in `"Authorization: Bearer "`). Useful when your API expects a custom format.
- Sets the token header key name.
+ HTTP header name used to send the access token. Defaults to `"Authorization"` but can be customized if your API uses a different header (e.g., `"X-API-Token"`).
\ No newline at end of file
diff --git a/fern/products/sdks/snippets/oauth-refresh-token.mdx b/fern/products/sdks/snippets/oauth-refresh-token.mdx
index cf992a5ef..75b28c272 100644
--- a/fern/products/sdks/snippets/oauth-refresh-token.mdx
+++ b/fern/products/sdks/snippets/oauth-refresh-token.mdx
@@ -1,6 +1,6 @@
-Configuration for the token refresh endpoint.
+Specifies the endpoint that exchanges a refresh token for a new access token. When configured, the SDK automatically uses this endpoint to renew expired tokens without re-sending credentials. If not configured, the SDK will re-authenticate using `get-token` when tokens expire.
-```yaml
+```yaml title="generators.yml"
refresh-token:
endpoint: "auth.refresh_token"
request-properties:
@@ -11,23 +11,23 @@ refresh-token:
```
- The endpoint to refresh the access token, such as `'auth.refresh_token'`.
+ The endpoint that refreshes access tokens (e.g., `"POST /oauth/refresh"` or `"auth.refreshToken"`).
- Maps custom property names in your refresh token request.
+ Maps OAuth parameter names to your API's request field names for the refresh flow.
-
- The property name for the refresh token in the request.
+
+ The request field name for the refresh token in your API (e.g., `"refreshToken"`, `"refresh_token"`).
- Maps custom property names in your refresh token response.
+ Maps your API's refresh response field names to OAuth standard names.
-
- The property name for the access token in the response.
+
+ The response field name for the new access token (e.g., `"accessToken"`, `"access_token"`).
-
- The property name for the expires in property in the response.
+
+ The response field name for the new token's expiration time in seconds (e.g., `"expiresIn"`, `"expires_in"`).
-
- The property name for the refresh token in the response.
+
+ The response field name if your API issues a new refresh token with each refresh (token rotation).
\ No newline at end of file