Sign in with Quota
A hosted consent screen and OIDC identity provider that lets your users sign in to your product with a Quota wallet. You register an app, configure what it asks for, and link users to /oauth/authorize. Quota handles the sign-in, consent, token issuance, and refresh.
01 What it is
Sign in with Quota is the product name for the hosted-consent plus OIDC stack a developer integrates to delegate sign-in to Quota. Your users land on the Quota-hosted /oauth/authorize page, approve the scopes you asked for, and bounce back to your redirect URI with a code your server exchanges for OAuth access, refresh, and id_token. From your app’s point of view it is a standard OpenID Connect provider with a few Quota-specific touches: per-app branding on the consent screen, per-app welcome credits for new users, and a consent funnel you can read in the dashboard.
Underneath, everything runs through the OAuth 2.1 + OIDC primitives documented elsewhere: client_id / client_secret, the closed scope vocabulary, PKCE, and refresh-token rotation. This page is about the developer surface that wraps them.
02 The dashboard surface
Open /dashboard/sign-in-with-quota to manage your apps. It is the operating surface for everything on this page:
- List and register apps. Each row is one OAuth client. Registering an app gives you a
quota_client_…/quota_secret_…pair; the secret is shown once. - Configure branding, the allowed scope set, redirect URIs, welcome credits, and post-logout URIs.
- Preview the consent screen the way your users will see it, with the current saved values applied.
- Read the consent funnel at /dashboard/sign-in-with-quota/funnel to see where users drop off between landing and granted token.
Everything the dashboard does goes through GET /developers/apps, POST /developers/apps, and the PATCH endpoints documented in section 08. Anything you can do in the UI you can do from a deployment script.
03 Branding fields
Three columns on oauth_clients, all nullable. A null value means “use the default Quota-branded layout for this field”. They render on the hosted /oauth/authorize page that your users see.
| logo_urlstring | null | HTTPS URL of an image to render at the top of the consent page. Browsers fetch the image directly — Quota does not proxy it. Max 2048 chars. data: URIs and private/loopback IPs rejected in production. |
| brand_colorstring | null | Six-hex-digit color (e.g. #7c3aed). Interpolated into a CSS custom property on the consent page; drives the primary action button and accent stroke. Strict regex /^#[0-9a-fA-F]{6}$/ — anything else is rejected, not sanitized. |
| taglinestring | null | Short subtitle rendered under your app name on the consent page. Plain text, max 140 characters. HTML-escaped on render — you cannot inject markup. |
Validation runs at write time, not at render time — anything that survives a write is safe to render. The validation errors are surfaced as the structured codes logo_url_too_long, logo_url_invalid, logo_url_unsafe_scheme, logo_url_data_uri, logo_url_private_ip, brand_color_invalid, and tagline_too_long.
The “Powered by Quota” footer always renders on the consent page, with or without branding. There is no flag to suppress it.
04 Scopes and welcome credits
Scopes. Each app carries an allowed_scopes array — the allowlist consulted by /oauth/authorize when your app requests a scope set. It must be a subset of the published vocabulary in OAuth scopes. Configure the minimum your app actually needs; consent prompts are shorter when the requested set is smaller, and the funnel reads better.
Welcome credits. When a user registers through your app’s OAuth flow, Quota grants their new wallet a starting balance. Each app can override the platform default with its own welcome_credits value: null uses the platform default; an integer in [0, 100,000,000] sets an explicit grant; 100,000,000 credits = $100. Pass 0 to disable the welcome bonus on this app.
05 Redirect URIs and post-logout URIs
redirect_uris. The set of allowed callback URLs Quota will redirect to with the authorization code. HTTPS only; http://localhost and http://127.0.0.1 are accepted for local development. No wildcards. The match is byte-for-byte against the list, so register each environment explicitly. They are required on app creation and editable afterwards from the dashboard.
post_logout_redirect_uris. Where Quota will return the user after they hit the OIDC end-session endpoint. Same HTTPS-only rules as redirect_uris. An empty array clears the registration; the user lands on a Quota-hosted confirmation page in that case.
06 Consent screen preview and the default-brand toggle
The dashboard’s preview pane is a live render of the /oauth/authorize consent screen with the current saved branding applied. It is read-only — interactions are disabled so you can’t accidentally authorize against your own app while looking at it.
The “use default Quota brand” toggle is intent-marking, not stateful by itself. Switching it on doesn’t flip a flag; clearing logo_url, brand_color, and tagline to null is what actually persists the fallback. The toggle is a shortcut for that clear, and it reflects the current state of those three columns. If any of the three is set, the toggle reads off.
07 Consent funnel analytics
The funnel at /dashboard/sign-in-with-quota/funnel tracks four events per app and shows the drop-off between each stage:
- viewed — the user landed on
/oauth/authorizefor this client. - approved — the user clicked “Allow” on the consent screen.
- token_issued — your server successfully exchanged the code at
/oauth/token. - revoked — an access or refresh token was revoked by the user, by you, or by token rotation.
Each drop-off points at a different problem. A high viewed → approved gap usually means an over-broad scope request or confusing branding. A high approved → token_issued gap usually means a redirect-URI mismatch or a server-side bug in the code exchange. A high token_issued → revoked rate over short windows suggests refresh-flow misconfiguration.
08 API reference
Two PATCH endpoints cover the mutable fields. Use them interchangeably with the dashboard — they run the same validation. Both require a developer session (cookie or sess_… bearer); the session must own the app, or the response is 403 forbidden.
App config
Partial update of mutable per-app config. All body fields optional; only the keys you send are touched. Empty body is a no-op that echoes back the current values.
| welcome_creditsinteger | null | Per-app override of the platform default credit grant for users who register through this app’s OAuth flow. null clears the override; integer in [0, 100,000,000] sets it. 100,000,000 credits = $100. |
| allowed_scopesstring[] | Allowlist of OAuth scopes this client may request at /oauth/authorize. Must be a subset of the published scope vocabulary. Empty array effectively bricks new authorizations until repopulated. |
| post_logout_redirect_urisstring[] | Registered redirect targets for the OIDC end-session endpoint. HTTPS only, except http://localhost during local dev. Empty array clears the registration. |
curl -X PATCH https://api.usequota.ai/developers/apps/$APP_ID \
-H "Cookie: quota_session=$SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"welcome_credits": 5000000,
"allowed_scopes": ["openid", "profile", "email", "credits.spend"],
"post_logout_redirect_uris": ["https://myapp.com/signed-out"]
}'Branding
Partial update of the three branding fields. Pass null to clear a field back to the default.
| logo_urlstring | null | HTTPS URL of the consent-screen logo. See section 03 for validation rules. |
| brand_colorstring | null | Six-hex-digit color, e.g. #7c3aed. |
| taglinestring | null | Plain-text subtitle, max 140 characters. |
curl -X PATCH https://api.usequota.ai/developers/apps/$APP_ID/branding \
-H "Cookie: quota_session=$SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"logo_url": "https://logo.clearbit.com/example.com",
"brand_color": "#7c3aed",
"tagline": "AI agents that get work done."
}'Rotating the OAuth client secret is a separate operation — see OAuth secret rotation for the grace-period flow.