
abu

Figma OAuth Made No Sense to Me — Until I Understood This Flow 😭

TL;DR

Figma OAuth is not like Google or GitHub OAuth. You don’t just add credentials and ship. Your app must be reviewed and approved, or OAuth won’t work at all. Here’s the exact flow so you don’t waste days like I did.

Why Figma OAuth Feels Weird at First

I assumed Figma OAuth would be:

redirect → approve → callback → done

Just like Google or GitHub.

That assumption was wrong.

Figma is very selective about which apps can use OAuth. If your app isn’t properly reviewed and approved, OAuth simply won’t work — even if your code is perfect.

Once I understood their review-first mindset, everything clicked.

The Real Figma OAuth Flow (Step by Step)

1. Go to the Figma Developer Platform

Create a developer account on the Figma Developers portal.

2. Create a New App

After logging in:

  • Create a new app
  • Give it a name (this matters for review)

3. Get Your OAuth Credentials

Inside your app:

  • Open OAuth credentials
  • Copy your Client ID and Client Secret

You’ll need these later when wiring OAuth in your backend.

4. Publish Your App (This Is the Important Part)

Publishing is mandatory. This is where most people get stuck.

It has four sections 👇

Section 1: Describe Your App

  • Upload a logo (don’t overthink it — a placeholder logo is fine, and you can change it later)
  • Write a clear description of what your app does; keep it simple and honest

Section 2: Review Scope (Critical)

This determines what access your app is requesting.

If you’re only using OAuth for login, select:

current_user:read

You must also explain why you need it.

Template you can use:

I use this scope to verify that the user is a real Figma user before allowing them to access the application.

Yes — this is enough.

Section 3: Reviewer Instructions (Most Important)

This is where you explain how the reviewer should test your app.

If this section is unclear, your app will be rejected.

Template (customize this):

This app uses Figma OAuth only for authentication (“Sign in with Figma”).

Steps to test:

  1. Open the app
  2. Click “Sign in with Figma”
  3. Approve the OAuth request
  4. You will be redirected back and logged in

Be explicit. Assume the reviewer knows nothing about your app.

Section 4: Final Review

  • Review everything
  • Agree to Figma’s guidelines
  • Submit

That’s it.

What Happens After Submission?

Now you wait.

⏱ Usually 2–5 business days

📧 You’ll receive an email

If approved → you’re good to integrate OAuth.

If rejected → Figma tells you exactly why, so you can fix it and resubmit.
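Once the app is approved, the backend side is the ordinary authorization-code flow with the login-only scope from Section 2. The example below is added here and is not code from the post; the endpoint URLs are assumed from Figma’s public OAuth documentation and should be checked against the current docs, and the client ID, redirect URI and callback URLs are constructed placeholders. It shows the two things a login-only integration must get right: a per-login `state` value that is checked before the code is exchanged, and a token request that keeps the Client Secret server-side.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed endpoints (verify against Figma's current OAuth docs before use).
AUTHORIZE_URL = "https://www.figma.com/oauth"
TOKEN_URL = "https://api.figma.com/v1/oauth/token"
LOGIN_SCOPE = "current_user:read"  # the minimal scope the post recommends for sign-in only


def new_state() -> str:
    """Unguessable per-login value; persist it in the server session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id: str, redirect_uri: str, state: str, scope: str = LOGIN_SCOPE) -> str:
    """Step 1 (redirect): the URL the browser is sent to for the Figma consent screen."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "response_type": "code",
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 3 (callback): validate the redirect back before spending the code.
    Returns the authorization code; raises ValueError on denial, CSRF or a missing code."""
    qs = parse_qs(urlparse(callback_url).query)
    if "error" in qs:
        raise ValueError(f"authorization denied: {qs['error'][0]}")
    state = qs.get("state", [""])[0]
    # Constant-time compare against the value stored at redirect time; reject if absent.
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF or stale login attempt")
    code = qs.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def token_request(client_id: str, client_secret: str, redirect_uri: str, code: str) -> dict:
    """Step 4 (exchange): the server-to-server POST, ready for requests/httpx.
    Credentials go in HTTP Basic auth, never in the query string or the browser."""
    return {
        "url": TOKEN_URL,
        "auth": (client_id, client_secret),
        "data": {"redirect_uri": redirect_uri, "code": code, "grant_type": "authorization_code"},
    }
```

The `state` value must be stored server-side at redirect time and consumed exactly once; `parse_callback` only checks that the round trip matches.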

Key Takeaways (Learned the Hard Way)

  • Figma OAuth ≠ Google OAuth
  • Approval comes before integration
  • Clear reviewer instructions matter more than code
  • Minimal scopes = higher approval chances

Once you understand this flow, Figma OAuth stops feeling “broken” and starts making sense.

About Me

I build full-stack products, work on AI + developer tooling, and write about real-world engineering lessons.

GitHub → MyGitHub
LinkedIn → MyLinkedIn
