Delegated OAuth assumes a user in the loop. Most production agent workflows don't have one. We shipped OAuth M2M as a first-class connection type — client credentials flow, token lifecycle management, service account auth for Snowflake and BigQuery already built in. Backend agents now have a clean auth path without any custom plumbing.

A nightly data reconciliation agent reads from BigQuery and writes results to a Salesforce object. No human involved — it's a service-to-service flow on a schedule. The developer configures the BigQuery connection with OAUTH_M2M using a GCP service account. Scalekit handles token acquisition, refresh, and rotation. The agent's API calls are fully authenticated without ever initiating a user OAuth flow.

Same pattern applies to any backend workflow: Snowflake analytics, Tableau publishing, internal API calls that run as a service principal.

What's included

• New OAUTH_M2M connection type with SDK bindings across Python, Node.js, and Go.
• Client credentials flow — agents authenticate as a service principal, not a delegated user.
• Pairs directly with BigQuery and Snowflake connectors — both use service account auth.
• Unlocks backend-to-backend integrations that don't require user consent at any stage.