Direct MCP connection with device login
By CorpusIQ
Connect external tools straight to the CorpusIQ MCP server at mcp2.corpusiq.io, without going through ChatGPT, Claude, or Perplexity. CLI tools, agents, CI runners, and IDE plugins sign in once with OAuth 2.0 device login, receive a bearer token, and reach every connector you have already authorized. No embedded browser. No client secret to store. Copy the config, run the helper, export the token.
Before you start
Device login signs an external tool in as you. It does not create an account and it does not link connectors on its own. Two things have to be in place first:
- A CorpusIQ account. Device login authenticates a real CorpusIQ user. If you do not have an account yet, start your free 30-day trial first. Without an account there is no identity for the tool to sign in as.
- Each connector you need, authorized first. A token only reaches connectors you have already authorized in the dashboard. If Gmail, Drive, Shopify, or QuickBooks is not linked yet, the tool cannot use it. Authorize every connector you plan to call before you connect the tool.
Set both up in your connectors dashboard. Once your connectors are linked, any tool you sign in with device login reaches them with no re-linking.
Authorize your connectors once in the dashboard, then point any external tool at the MCP server.
Connection details
The MCP server is online at the endpoint below. Browser-based clients use OAuth and open a sign-in window. CLI tools and agents use device login. Both reach the same server and the same 36+ connectors.
MCP server URL: https://mcp2.corpusiq.io/mcp
Authorization URL: https://www.corpusiq.io/mcp-auth
{
  "mcpServers": {
    "corpusiq": {
      "url": "https://mcp2.corpusiq.io/mcp",
      "authorizationUrl": "https://www.corpusiq.io/mcp-auth"
    }
  }
}
Paste into your AI client's MCP server config. Step-by-step video guides live in your dashboard tutorials.
Browser OAuth clients
ChatGPT, Claude, and Perplexity open a browser window to authenticate. No bearer token needed. Add the server URL above, sign in, and your connectors are live in the assistant.
Agent and CLI tools: device login
CLI tools, agent loops, and CI runners cannot open a browser. These use the OAuth 2.0 Device Authorization Grant. A short code is shown, you sign in once, and the tool receives a token that it sends in an Authorization: Bearer header on every call to the MCP endpoint.
Device-login helper
Drop this into your project. It has no dependencies beyond requests. Run it, sign in with the printed code, and it prints the access token for you to export.
# device_login.py -- CorpusIQ MCP device-login helper
# No dependencies beyond requests
from __future__ import annotations
import sys, time
from typing import Any
import requests

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

class DeviceLoginError(RuntimeError):
    pass

def login(base_url: str = "https://mcp2.corpusiq.io", timeout: int = 30) -> dict[str, Any]:
    s = requests.Session()
    # Start a device-login session; the response carries the device code,
    # the short user code and the sign-in link.
    r = s.post(f"{base_url}/oauth/device/authorize", timeout=timeout)
    r.raise_for_status()
    dc = r.json()
    print(
        f"\nSign in to CorpusIQ:\n"
        f"  Open: {dc['verification_uri']}\n"
        f"  Code: {dc['user_code']}\n",
        flush=True,
    )
    interval = int(dc.get("interval", 5))
    deadline = time.time() + int(dc.get("expires_in", 900))
    # Poll the token endpoint until the user has signed in or the code expires.
    while time.time() < deadline:
        time.sleep(interval)
        tr = s.post(
            f"{base_url}/oauth/token",
            data={"grant_type": DEVICE_GRANT, "device_code": dc["device_code"]},
            timeout=timeout,
        )
        if tr.status_code == 200:
            return tr.json()
        is_json = tr.headers.get("content-type", "").startswith("application/json")
        err = (tr.json() if is_json else {}).get("error", "")
        if err == "authorization_pending":
            continue  # user has not finished signing in yet
        if err == "slow_down":
            interval += 5  # server asked for less frequent polling
            continue
        if err in ("expired_token", "invalid_grant"):
            raise DeviceLoginError(f"Device login failed: {err}")
        raise DeviceLoginError(f"Unexpected {tr.status_code}: {tr.text}")
    raise DeviceLoginError("Device code expired.")

if __name__ == "__main__":
    try:
        print(login()["access_token"])
    except DeviceLoginError as e:
        print(e, file=sys.stderr)
        sys.exit(1)
How it works
Device login follows the OAuth 2.0 Device Authorization Grant, a published IETF standard. The shape is four steps, and you only touch one of them by hand:
- Point your tool at the MCP server. Add the CorpusIQ server to your client config. The URL is https://mcp2.corpusiq.io/mcp and the authorization URL is https://www.corpusiq.io/mcp-auth.
- Start device login. Run your client or the device-login helper. The tool asks the server to start a session and prints a short code with a sign-in link.
- Sign in once in a browser. Open the link on any device, sign in to CorpusIQ, and enter the short code. This confirms the tool is acting as you.
- Use the token. The tool receives a bearer token and sends it as an Authorization header on every call to the MCP server. Your already-authorized connectors come with it.
From then on, the tool reaches the MCP server directly. No browser stays open, and nothing about the flow asks you to copy a client secret into your tool.
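The bearer token from step four acts as you on every authorized connector, so where it is kept matters. The following is an added example, not CorpusIQ's code: it caches the token response in an owner-only file and builds the Authorization header from it. It assumes a POSIX system and that the response carries the standard OAuth `expires_in` field, which the page does not confirm; `save_token`, `load_token` and `auth_headers` are hypothetical helper names.

```python
# Added example, not CorpusIQ code: cache the device-login token in an owner-only file.
# Assumes POSIX; "expires_in" is the standard OAuth field (assumed, not stated on the page).
from __future__ import annotations
import json, os, stat, time
from pathlib import Path

SKEW = 60  # treat the token as expired this many seconds early (arbitrary margin)

def save_token(path: Path, token_response: dict, now: float | None = None) -> None:
    """Store the token response at `path` with mode 0600."""
    now = time.time() if now is None else now
    record = {"access_token": token_response["access_token"]}
    if "expires_in" in token_response:
        record["expires_at"] = now + int(token_response["expires_in"])
    tmp = path.with_name(path.name + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        # Enforce 0600 before writing, in case a stale temp file had a looser mode.
        os.fchmod(fh.fileno(), 0o600)
        json.dump(record, fh)
    os.replace(tmp, path)  # atomic swap: readers never see a partial file

def load_token(path: Path, now: float | None = None) -> str | None:
    """Return a usable token, or None if missing or expired (run device login again)."""
    now = time.time() if now is None else now
    try:
        mode = path.stat().st_mode
    except FileNotFoundError:
        return None
    # Refuse a cache that other local users could read or modify.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group/others; refusing to use it")
    record = json.loads(path.read_text())
    expires_at = record.get("expires_at")
    if expires_at is not None and now >= expires_at - SKEW:
        return None
    return record["access_token"]

def auth_headers(token: str) -> dict[str, str]:
    """Header sent on every call to the MCP endpoint."""
    return {"Authorization": f"Bearer {token}"}
```

Pass the dictionary returned by the helper's `login()` to `save_token`, and call `load_token` before each run so the tool only repeats device login when the cache is missing or expired.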
Two ways to connect
CorpusIQ gives you two ways in. The first is through your assistant: you authorize your connectors in the dashboard and use them inside ChatGPT, Claude, or Perplexity. That is how most people start, and nothing about it changes.
The second is a direct MCP connection. An external tool connects straight to the CorpusIQ MCP server using device login. Both paths reach the same server and the same 36+ connectors. Pick whichever fits the tool in front of you. For the side-by-side, see the features page.
When to use device login
Device login is the right path when your tool runs outside a normal browser, such as in a terminal, a daemon, a CI runner, an IDE plugin, or an agent loop, and you do not want to store or embed an OAuth client secret. It also keeps access scoped to the actual person signing in, so your connector permissions stay tied to you rather than a shared service account.
If your tool is a standard web app, or it is ChatGPT, Claude, or Perplexity, you do not need device login. Those clients ship their own browser sign-in and connect through that.
Your connector access carries over
You authorize each connector once, in the dashboard. After that, any tool you connect with device login reaches every connector you have already authorized, with no re-linking. Once Google, Shopify, or QuickBooks is linked, a new token immediately has access to the same connectors. To review or add connectors, open your connectors in the dashboard.
Frequently asked questions
A direct MCP connection lets an external tool talk to the CorpusIQ MCP server on its own, without going through ChatGPT, Claude, or Perplexity. The tool authenticates with device login, receives a bearer token, and calls the same MCP endpoint at mcp2.corpusiq.io that your assistant uses. It is a second way to connect, alongside the assistant-based path.
The MCP endpoint is https://mcp2.corpusiq.io/mcp and the authorization URL is https://www.corpusiq.io/mcp-auth. Add both to your client config. Browser-based clients use OAuth and open a sign-in window. CLI tools and agents use the device login flow.
Yes. Device login signs an external tool in as a real CorpusIQ user, so you need an account before you connect anything. If you do not have one, start the free 30-day trial first. Device login does not create an account on its own.
Yes. A token only reaches connectors you have already authorized in the dashboard. Authorize each connector you plan to use, like Gmail, Drive, Shopify, or QuickBooks, before you connect the tool. Anything not linked yet will not be reachable until you authorize it.
Device login is the OAuth 2.0 Device Authorization Grant. Your tool shows a short code, you sign in once in a browser on any device, and the tool receives a secure token. It is the standard way for tools that cannot open their own browser, like a terminal, a CI runner, or an agent loop, to authenticate a real user.
Any MCP client that supports a bearer token. That includes CLI tools, agent frameworks, CI runners, IDE plugins, shell scripts, and any MCP client SDK in any language. If your tool runs outside a normal browser and you do not want to embed a client secret, device login is the path.
No. You authorize each connector once in the dashboard. After that, any tool you connect with device login reaches every connector you have already authorized. Your existing connector access carries over automatically, with no re-linking.
Yes. ChatGPT, Claude, and Perplexity ship their own sign-in flow and connect through that. Device login is for external tools that do not have a built-in browser flow. Both paths reach the same MCP server and the same connectors.
Device login is an IETF-published standard and scopes access to the actual person signing in. CorpusIQ connectors use read-only OAuth by design, and customer data is not used for model training. No client secret is stored in your tool.
