White-labeling authentication
There are three places where Composio branding shows up during authentication:
| Where | What users see | How to fix |
|---|---|---|
| Connect Link page | Composio logo and name on the hosted auth page | Change logo + app title in dashboard |
| OAuth consent screen | "Composio wants to access your account" on Google, GitHub, etc. | Use your own OAuth app |
| Browser address bar | backend.composio.dev flashes during OAuth redirect | Proxy the redirect through your domain |
Customizing the Connect Link
The Connect Link is the hosted page your users see when connecting their accounts. By default it shows Composio branding.
To replace it with your own branding:
- Go to Project Settings → Auth Screen
- Upload your Logo and set your App Title
This applies to all Connect Link flows across all toolkits, for both in-chat and manual authentication. Each project has one logo and app title, so if you need different branding per product, use separate projects.
Customizing the Connect Link only changes the Composio-hosted page. For OAuth toolkits like Gmail, Google Sheets, GitHub, and Slack, users still see a consent screen saying "Composio wants to access your account." To change that, and to remove the "Secured by Composio" badge, set up your own OAuth app as described below.
Troubleshooting
- "Secured by Composio" badge won't go away: This badge is removed when you use your own OAuth app. See Using your own OAuth apps.
- Logo doesn't appear after uploading: Clear browser cache or try incognito.
- Upload fails with "failed to fetch": Retry or use a smaller image.
Using your own OAuth apps
OAuth toolkits like Google and GitHub show a consent screen that says which app is requesting access. By default this reads "Composio wants to connect to your account." To show your app name instead, register your own OAuth app and tell Composio to use it. This is done by creating a custom auth config with your own credentials. See when to use your own OAuth apps.
You don't need this for every toolkit
Only white-label toolkits where users see a consent screen (Google, GitHub, Slack, etc.). Toolkits that use API keys don't show consent screens, so there's nothing to white-label. You can mix and match freely.
Register a new OAuth app with the toolkit. Set the callback URL to:
https://backend.composio.dev/api/v3/toolkits/auth/callbackYou'll get a Client ID and Client Secret.
Step-by-step guides: Google | Slack | HubSpot | All toolkits
In the Composio dashboard:
- Go to Authentication management → Create Auth Config
- Select the toolkit (e.g., GitHub)
- Choose OAuth2 scheme
- Toggle on Use your own developer credentials
- Enter your Client ID and Client Secret
- Click Create
Copy the auth config ID (e.g., ac_1234abcd).
Specify which toolkits should use your custom auth config. Any toolkit you don't specify here will use Composio's managed auth automatically:
session = composio.create(
user_id="user_123",
auth_configs={
"github": "ac_your_github_config",
"slack": "ac_your_slack_config",
# gmail, linear, etc. use Composio managed auth automatically
},
)const session = await composio.create("user_123", {
authConfigs: {
github: "ac_your_github_config",
slack: "ac_your_slack_config",
// gmail, linear, etc. use Composio managed auth automatically
},
});Now when users connect GitHub or Slack, they'll see your app name on the consent screen. For Gmail and everything else, Composio's default app handles it.
When to use your own OAuth apps
- Production apps where end users see consent screens. They should see your brand, not Composio's.
- Enterprise customers who require your branding end-to-end.
- Toolkits where you need custom scopes beyond what Composio's default app provides.
For development and testing, Composio's managed auth works fine. No OAuth app setup required.
Custom redirect domain
During OAuth, the browser briefly redirects through backend.composio.dev so Composio can capture the auth token. Some toolkits also display this URL on the consent screen.
If you need to hide Composio's domain, you can proxy the redirect through your own domain instead.
In your OAuth app's settings, set the authorized redirect URI to your own endpoint:
https://yourdomain.com/api/composio-redirectThis endpoint receives the OAuth callback and immediately 302-redirects it to Composio:
from fastapi import FastAPI, Request
from fastapi.responses import RedirectResponse
app = FastAPI()
@app.get("/api/composio-redirect")
def composio_redirect(request: Request):
composio_url = "https://backend.composio.dev/api/v3/toolkits/auth/callback"
return RedirectResponse(url=f"{composio_url}?{request.url.query}")// pages/api/composio-redirect.ts (Next.js)
import type { NextApiRequest, NextApiResponse } from "next";
export default function handler(req: NextApiRequest, res: NextApiResponse) {
const composioUrl = "https://backend.composio.dev/api/v3/toolkits/auth/callback";
const params = new URLSearchParams(req.query as Record<string, string>);
res.redirect(302, `${composioUrl}?${params.toString()}`);
}Your endpoint must return a 302 redirect. Do not follow the redirect server-side or make a fetch call to Composio. The user's browser needs to be redirected so the OAuth flow completes correctly.
In the Composio dashboard, update your auth config to use your custom redirect URI.
Here's how the redirect flow works. Your proxy just forwards the browser redirect to Composio. It never touches the authorization code or token.
For FAQs and setup guides for individual toolkits, browse the toolkits page.