Overview
Barndoor connects users to your MCP server using the OAuth 2.0 authorization code flow. When a user authorizes Barndoor, your platform redirects their browser to a Barndoor-hosted callback URL with the authorization code. For that redirect to succeed, the callback URL must be registered as an allowed redirect URI on the OAuth application (or MCP server registration) in your platform. If you operate a SaaS platform with an MCP server and want Barndoor customers to be able to connect to it, add the redirect URIs below to your OAuth client allowlist.
Redirect URIs to Allowlist
Add all three URIs. Each corresponds to a different Barndoor environment, and customers may connect from any of them:
- https://app.barndoor.ai/callback — Production
- https://app.barndoordev.com/callback — Development
- https://app.barndooruat.com/callback — UAT / staging
All three URIs are stable. They are exact-match URLs — do not add trailing slashes, wildcards, or alternate paths. Allowlisting only the production URI will block development and UAT testing.
Why All Three Environments
Barndoor maintains separate environments for production traffic, internal development, and customer-facing UAT testing. Customers running pre-release validation or proof-of-concept work will often connect from the UAT or development environment before promoting an integration to production. Allowlisting all three URIs up front avoids a second round-trip when those customers begin testing.
Common Platform Locations
| Platform pattern | Typical setting path |
|---|---|
| OAuth 2.0 client config | App settings → OAuth → Redirect URIs |
| Dynamic client registration | Set redirect_uris array in the client registration payload |
| Per-tenant OAuth app | Admin console → Apps / Integrations → Edit app → Redirect URIs |
Troubleshooting
If users see redirect errors after allowlisting:
- Check for exact-match issues. Confirm there are no trailing slashes, missing https://, or typos.
- Confirm the change has propagated. Some platforms cache OAuth client config for several minutes.
- Verify all three URIs are present. Errors that only occur for some users often indicate a missing environment.
- Contact support if the issue persists: [email protected].
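The exact-match and all-three-present checks above can be run against the redirect URI list exported from your OAuth client. The Python below is an added example, not Barndoor's code; the function names `diagnose` and `audit_redirect_uris` and the `SAMPLE` list are constructed for illustration.

```python
from urllib.parse import urlsplit

# The three callback URIs listed on this page, keyed to their environment.
REQUIRED = {
    "https://app.barndoor.ai/callback": "Production",
    "https://app.barndoordev.com/callback": "Development",
    "https://app.barndooruat.com/callback": "UAT / staging",
}


def diagnose(entry):
    """Return (required_uri, reasons) if entry is a malformed copy of a required URI."""
    reasons, s = [], entry.strip()
    if s != entry:
        reasons.append("surrounding whitespace")
    if "://" not in s:
        reasons.append("missing https://")
        s = "https://" + s
    parts = urlsplit(s)
    if parts.scheme != "https":
        reasons.append("scheme is not https")
    if parts.path.endswith("/"):
        reasons.append("trailing slash")
    candidate = "https://" + parts.netloc + parts.path.rstrip("/")
    if reasons and candidate in REQUIRED and not (parts.query or parts.fragment):
        return candidate, reasons
    return None


def audit_redirect_uris(registered):
    """Audit a client's registered redirect URIs by exact string match."""
    report = {"wildcards": [], "near_misses": {}}
    report["missing"] = {u: env for u, env in REQUIRED.items() if u not in registered}
    for entry in registered:
        if "*" in entry:
            report["wildcards"].append(entry)
        elif entry not in REQUIRED and (hit := diagnose(entry)):
            report["near_misses"][entry] = hit
    return report


# Constructed sample of an exported redirect_uris list (not real client data).
SAMPLE = [
    "https://app.barndoor.ai/callback",       # exact match
    "https://app.barndoordev.com/callback/",  # trailing slash
    "app.barndooruat.com/callback",           # missing scheme
    "https://*.barndoor.ai/callback",         # wildcard
]
print(audit_redirect_uris(SAMPLE))
```

An entry under `near_misses` does not count as registered: its target URI still appears under `missing` until the exact string is added.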
Frequently Asked Questions
Can I allowlist only the production URI?
Only if you don’t intend to support customer testing in pre-production. Customers running pilots or UAT often connect from app.barndooruat.com or app.barndoordev.com, and those flows will fail with an invalid_redirect_uri error if only the production URI is registered.
Do these URIs change?
No. These are stable, long-lived URIs. If they ever change, Barndoor will notify integrated platforms in advance and update this page.
Can I use a wildcard like https://*.barndoor.ai/callback?
Most OAuth providers don’t allow wildcards in redirect URIs, and we don’t recommend it even where supported. Register the three exact URIs above.
Is this the same as IP whitelisting?
No. Redirect URI allowlisting governs the OAuth browser redirect to Barndoor. IP whitelisting governs the server-to-server MCP traffic from Barndoor to your infrastructure. Most integrations need both.
