Connect via OAuth (one-click)

OAuth is the easiest, safest way to connect Popcorn to your AI agent. You paste the Popcorn URL into your client, click Connect, sign in to Popcorn in your browser, and approve. The client gets an access token automatically — nothing to copy or store.

When OAuth works

If your client supports remote MCP with OAuth, use this method. Currently:

Claude Mac App — supports OAuth via the Connectors UI.
Cursor — supports OAuth.
Windsurf — supports OAuth.
VS Code (with GitHub Copilot Chat 1.101+) — supports OAuth.
Tasklet — supports OAuth via natural-language setup.
Other MCP clients that support remote MCP OAuth.

If your client doesn’t have an OAuth flow, use the security token method.

The flow

In your client, add a custom MCP server with the URL:
```
https://api.popcorn.co/mcp
```
Click Connect (the exact button name varies — Connect, Add, Authorize).
Your browser opens to Popcorn. If you’re not signed in, do that first.
Click Approve on the consent screen.
The browser tab closes and your client confirms the connection.
Open a new chat in your client and ask it to make a movie.

What gets created

When you approve, Popcorn issues an OAuth access token to that specific client (e.g. “Claude Mac App on Shahar’s Mac”). It does not create a pk_live_… API key.

You can see and revoke connected agents in your Popcorn profile:

Profile → ⋯ (three-dot menu) → API Keys

The same modal lists your active API keys (security tokens) and your Connected agents (one-click-connected apps). You can revoke either independently.

What if my client doesn’t open a browser?

If your client lets you paste the URL but doesn’t kick off OAuth, look for a Sign in, Authorize, or Connect button near the server entry. Some clients only initiate OAuth on first tool call.

If nothing happens, fall back to the security token method.

Per-client guides

For step-by-step instructions per client (where OAuth lives in the UI, what to expect):