Arcade vs Unified.to MCP: do both support OAuth Authorization Code + PKCE and IdP alignment?
AI Agent Trust & Governance

Arcade vs Unified.to MCP: do both support OAuth Authorization Code + PKCE and IdP alignment?

9 min read

Most teams comparing Arcade and Unified.to for MCP-style agents are really asking two things: can this stack handle OAuth Authorization Code + PKCE correctly, and will it line up with my existing IdP and SSO model? Those two decisions determine whether your agents can safely act as real users in Gmail, Slack, Salesforce, and other systems—or stay stuck as a service-account bot.

Quick Answer: Arcade’s MCP runtime is explicitly designed around OAuth Authorization Code + PKCE and IdP alignment for multi-user agents with user-specific permissions. Unified.to focuses on unified API aggregation and doesn’t provide the same MCP-native runtime, user-aligned authorization model, or “zero token exposure to LLMs” guarantees for agent execution.

Frequently Asked Questions

Do Arcade and Unified.to both support OAuth Authorization Code + PKCE and IdP alignment?

Short Answer: Arcade is built around Authorization Code + PKCE and IdP alignment for multi-user AI agents; Unified.to offers OAuth flows for integrations but does not provide an MCP runtime with first-class user-specific authorization and identity provider integration for agents.

Expanded Explanation:
Arcade positions itself as the runtime between AI and action with “Secure Agent Authorization” at the center. That means the whole stack assumes you’re using standard OAuth flows (Authorization Code + PKCE, via your existing IdP or the SaaS provider’s OAuth) and that each agent action is executed with the real end user’s permissions—not a shared service account. The Arcade SDK exposes this directly (client.auth.start(...) and wait_for_completion), and the MCP runtime keeps tokens out of the LLM while enforcing scoped access per user.

Unified.to, by contrast, is primarily an API unification layer: one API for many providers. It does support OAuth to connect accounts, but it’s not an MCP runtime and it doesn’t give you an agent-focused authorization model with IdP alignment, per-user permissions, and auditability baked into tool execution. You can wire Unified.to behind an agent, but you’ll be hand-rolling a lot of the authorization semantics Arcade gives you out of the box.

Key Takeaways:

  • Arcade: MCP-native runtime with OAuth Authorization Code + PKCE and explicit IdP alignment for multi-user agents.
  • Unified.to: unified integration API with OAuth support, but not an MCP runtime or full “agent authorization” layer aligned to your IdP and SSO model.

How does OAuth Authorization Code + PKCE work with Arcade’s MCP runtime?

Short Answer: Arcade wraps OAuth Authorization Code + PKCE in simple SDK calls (auth.start, wait_for_completion) and ties the resulting tokens to a user identity in the MCP runtime, so agents can call tools like Google.SendEmail with user-specific permissions and no token exposure to the LLM.

Expanded Explanation:
With Arcade, you don’t rebuild OAuth from scratch for every integration. You use a consistent flow:

  • Start an auth session for a user and provider (client.auth.start(user_id, "google")).
  • Redirect the user through your existing IdP / OAuth flow.
  • Let Arcade handle token exchange, storage, and refresh behind the scenes.

Once completed, any MCP tool call (e.g., Google.SendEmail, Google.CreateEvent, Slack.PostMessage, Salesforce.UpsertRecord) runs in the Arcade runtime with the right user’s tokens injected at execution time. The LLM never sees tokens; it just sees tools. Arcade enforces scopes and permissions based on how the user authenticated and what your IdP and provider granted.

Unified.to can also perform OAuth Authorization Code flows to connect user accounts, but you’re responsible for tying those connections into an agent’s identity model, ensuring PKCE is configured correctly, and building a runtime that injects tokens into tools while keeping them out of the model. That’s the gap Arcade is explicitly designed to fill.

Steps:

  1. Initiate auth via Arcade SDK
    Call something like:

    from arcadepy import Arcade
client = Arcade()
auth = client.auth.start(user_id="user@example.com", provider="google")

    and present the returned URL to the user.

  2. User completes IdP / provider sign-in
    The user authenticates via your IdP / SSO or the SaaS provider’s OAuth screen, with PKCE handled under the hood by Arcade’s auth integration.

  3. Agent uses MCP tools with user-specific tokens
    After wait_for_completion, the agent can safely call MCP tools (e.g., Gmail.ListEmails, Google.CreateEvent) and Arcade injects the scoped OAuth tokens at runtime, logging and enforcing authorization.

How is Arcade’s MCP runtime different from Unified.to’s unified API for agents?

Short Answer: Arcade is an MCP runtime + authorization layer purpose-built for agents; Unified.to is a unified API for integrations. Arcade focuses on agent-safe tool execution, user-specific permissions, and IdP integration—Unified.to focuses on data access abstraction.

Expanded Explanation:
Unified.to’s value prop is: instead of integrating separately with Google, Slack, Salesforce, etc., you integrate once with their API and let them handle provider-specific differences. That’s helpful for building traditional SaaS features, but it doesn’t answer the core agent questions: “Which user is this action on behalf of?” “What scopes are allowed?” “What does my security team see in the audit trail?” and “How do I keep tokens out of the model?”

Arcade assumes you’re building multi-user agents from day one. It provides:

  • An MCP runtime where tools are first-class, not just HTTP endpoints.
  • Agent-optimized tools (not thin API wrappers) with predictable schemas and side effects.
  • A secure authorization model where each tool call is tied to a user identity and governed by OAuth scopes, IdP alignment, RBAC, and audit logs.
  • Compatibility with existing agent frameworks and clients (Cursor, Claude, LangGraph, LangChain, and more).

Unified.to can be one of the underlying APIs your agent talks to, but you’ll still need to solve MCP orchestration, user-aligned authorization, and governance yourself—or pair it with an agent runtime like Arcade.

Comparison Snapshot:

  • Option A: Arcade MCP runtime
    • MCP-native tools (Google.SendEmail, Gmail.ListEmails, Slack.PostMessage).
    • OAuth Authorization Code + PKCE integrated with your IdP.
    • User-specific authorization, zero token exposure to LLMs, audit logs, RBAC/SSO.
  • Option B: Unified.to
    • Unified REST/GraphQL-style API across providers.
    • OAuth account connections per provider.
    • No MCP runtime, no built-in agent authorization semantics, you build the glue.
  • Best for:
    • Arcade: production multi-user agents moving “from chat to action” across Gmail, Calendar, Slack, Linear, GitHub, HubSpot, Salesforce, and more.
    • Unified.to: traditional SaaS backends that want one API instead of many, and are willing to own the agent/runtime/authorization layer themselves.

How do I implement IdP-aligned, user-specific authorization for agents with Arcade?

Short Answer: You hook Arcade into your existing IdP/OAuth flows, map your user identities, and let the MCP runtime enforce authorization per user whenever tools are called—no service-account bots, no token juggling in your own code.

Expanded Explanation:
In a real organization, your security team cares far less about “does the agent work?” and far more about “whose permissions does the agent use?” and “where do we see what it did?” Arcade is built to answer those questions. Agents act with user-specific permissions, not a superpowered service account that bypasses all your policies.

Implementation typically looks like:

  • Your app uses your existing IdP (Okta, Azure AD, Google Workspace, etc.) for SSO/SAML.
  • Arcade maps users in its runtime to your identifiers (emails, subject IDs, etc.).
  • When a user connects Gmail, Google Calendar, Slack, Salesforce, or another system, Arcade uses OAuth Authorization Code + PKCE aligned with your IdP/SSO model to collect the minimum required scopes.
  • Every MCP tool call goes through Arcade’s runtime, which:
    • Determines the acting user.
    • Injects the right tokens.
    • Applies scopes and RBAC.
    • Logs the action for auditability.

You don’t pass tokens into prompts, and you don’t build your own token store. You focus on tool design and agent behavior.

Unified.to, on the other hand, doesn’t give you this IdP-aligned agent runtime. You can still align its OAuth connections to users in your system, but you’ll have to build:

  • The mapping from IdP identities to Unified.to connections.
  • The runtime that enforces “this user can do X but not Y.”
  • The audit trail around agent actions.

What You Need:

  • An IdP or OAuth provider for user sign-in (Okta, Azure AD, Google Workspace, etc.).
  • Arcade’s MCP runtime and SDK (arcadepy or JS SDK) wired into your agent stack, with user identifiers flowing cleanly from your app to Arcade for auth and tool execution.

Strategically, when should I choose Arcade over Unified.to for MCP agents?

Short Answer: Pick Arcade when your priority is production-grade, multi-user MCP agents with strong authorization, IdP alignment, and tool governance; consider Unified.to when you just need a unified API and are prepared to build the entire agent and auth runtime yourself.

Expanded Explanation:
If you’re just shipping a backend service that needs to read from a few CRMs or calendars, a unified API can reduce integration surface area. But as soon as you move into agents—especially across multiple users—everything changes. Service accounts stop working, security reviews get real, and every “just this one token” shortcut becomes a risk.

Arcade exists specifically for that world:

  • It makes MCP enterprise-ready (as LangChain’s team put it): connects to identity providers, enforces agent authorization, and enables real actions in Google, Slack, Salesforce, and more.
  • It keeps credentials out of the LLM entirely (“zero token exposure to LLMs”).
  • It gives you SDK-first patterns (auth.start, wait_for_completion, agent-optimized tool calls) instead of bespoke glue code.
  • It includes open-source MCP frameworks so you can build your own tools with OAuth and evals already wired in.

Unified.to is not wrong—just solving a different problem. It standardizes integration surfaces but doesn’t replace a runtime that understands agents, identities, and permissions.

Why It Matters:

  • Security & governance: With Arcade, each agent action is traceable to a user, scoped by OAuth/IdP, and visible in audit logs. That’s the difference between “cool demo” and “security sign-off.”
  • Time-to-production: Arcade removes the need to rebuild OAuth, token refresh, permissioning, and MCP orchestration for every integration. You ship working MCP agents faster, with fewer 2 a.m. token bugs.

Quick Recap

Arcade and Unified.to sit at different layers. Unified.to is a unified integration API; Arcade is an MCP runtime and secure authorization layer for multi-user agents. Arcade is built around OAuth Authorization Code + PKCE and IdP alignment so agents act with real user permissions, with zero token exposure to the LLM and full observability. You can pair Unified.to with an agent stack, but you’ll be reimplementing much of what Arcade already gives you: user-specific authorization, runtime token injection, audit trails, and MCP-native tools.

Next Step

Get Started

Back to AI Agent Trust & Governance

Keep Reading

More from AI Agent Trust & Governance

Best way to implement “act as user” OAuth for agents (Authorization Code + PKCE) without building token storage/rotation

Read more

Arcade Enterprise: who do I contact for SSO/SAML + audit logs + dedicated tenant, and what does the security review require?

Read more

Arcade setup: how do I configure an OAuth provider for Google Workspace so each user connects their own account?

Read more