Figma OAuth Made No Sense to Me — Until I Understood This Flow 😭

abu — Thu, 22 Jan 2026 12:38:33 +0000

TL;DR

Figma OAuth is not like Google or GitHub OAuth. You don’t just add credentials and ship. Your app must be reviewed and approved, or OAuth won’t work at all. Here’s the exact flow so you don’t waste days like I did.

Why Figma OAuth Feels Weird at First

I assumed Figma OAuth would be:

redirect → approve → callback → done

Just like Google or GitHub.

That assumption was wrong.

Figma is very selective about which apps can use OAuth. If your app isn’t properly reviewed and approved, OAuth simply won’t work — even if your code is perfect.

Once I understood their review-first mindset, everything clicked.

The Real Figma OAuth Flow (Step by Step)

1. Go to the Figma Developer Platform

Create a developer account on the Figma Developers portal.

2. Create a New App

After logging in:

Create a new app

Give it a name (this matters for review)

3. Get Your OAuth Credentials

Inside your app:

Open OAuth credentials

Copy your Client ID and Client Secret

You’ll need these later when wiring OAuth in your backend.

4. Publish Your App (This Is the Important Part)

Publishing is mandatory. This is where most people get stuck.

It has four sections 👇

Section 1: Describe Your App

Upload a logo

(Don’t overthink it — a placeholder logo is fine. You can change it later.)

Write a clear description of what your app does

Keep it simple and honest.

Section 2: Review Scope (Critical)

This determines what access your app is requesting.

If you’re only using OAuth for login, select:

current_user:read

You must also explain why you need it.

Template you can use:

I use this scope to verify that the user is a real Figma user before allowing them to access the application.

Yes — this is enough.

Section 3: Reviewer Instructions (Most Important)

This is where you explain how the reviewer should test your app.

If this section is unclear, your app will be rejected.

Template (customize this):

This app uses Figma OAuth only for authentication (“Sign in with Figma”).

Steps to test:

Open the app

Click “Sign in with Figma”

Approve the OAuth request

You will be redirected back and logged in

Be explicit. Assume the reviewer knows nothing about your app.

Section 4: Final Review

Review everything

Agree to Figma’s guidelines

Submit

That’s it.

What Happens After Submission?

Now you wait.

⏱ Usually 2–5 business days

📧 You’ll receive an email

If approved → you’re good to integrate OAuth.

If rejected → Figma tells you exactly why, so you can fix it and resubmit.

Key Takeaways (Learned the Hard Way)

Figma OAuth ≠ Google OAuth
Approval comes before integration
Clear reviewer instructions matter more than code
Minimal scopes = higher approval chances

Once you understand this flow, Figma OAuth stops feeling “broken” and starts making sense.

About Me

I build full-stack products, work on AI + developer tooling, and write about real-world engineering lessons.

GitHub → MyGitHub
LinkedIn → MyLinkedIn

DEV Community: abu