Security · 8 min read
Lessons from Gmail OAuth and production auth
Tokens, scopes, refresh flows, CSRF, and the gap between a login that works on localhost and one you'd trust in production.
In progress
This essay is being written. It will draw directly on building Agentic CRM and the work behind it — concrete decisions, trade-offs, and what actually held up in practice, rather than generic advice.
Want to read it when it's ready, or talk through the topic now? Get in touch.