# Connections > One OAuth connection per provider unlocks every related MCP. Connect Google, GitHub, Slack, Notion, and more — credentials stay encrypted, tokens auto-refresh. A **Connection** is an OAuth link between your Aerostack workspace and a third-party provider (Google, GitHub, Slack, Notion, …). Once connected, **every MCP server for that provider works automatically** — Gmail, Drive, Calendar, and Sheets all share one Google connection; you don't connect each app separately. Tokens are encrypted with **AES-256-GCM**, refreshed in the background, and never returned through the dashboard or API. Aerostack injects them only at request time, scoped to a single tool call. --- ## How it works ``` You connect Google once ↓ Aerostack stores access_token + refresh_token (encrypted) ↓ You install Gmail / Drive / Calendar MCPs — no extra setup ↓ On every tool call, Aerostack pulls the latest token, injects it into the MCP request, and refreshes if expired ``` --- ## Two ways to connect Google | | **Aerostack-Verified** | **Custom (BYO)** | |---|---|---| | Status | Coming soon | **Available now** | | Setup time | 0 min (just click Connect) | ~5 min (you create your own Google OAuth app) | | Test-user limit | None | 100 (from your Cloud Console) | | Quota | Shared across Aerostack users | Your own quota — independent | | Refresh tokens | Auto-rotate forever | Auto-rotate forever | | "App not verified" warning | Hidden | Shown on first authorize (one click past) | If you can spare 5 minutes, **BYO is recommended today** — your tokens never expire, your quota is your own, and you don't wait on Google verification. → [**Connect Google (Custom OAuth) — full guide**](./google) --- ## Other providers | Provider | Status | |---|---| | Notion | ✅ Available | | GitHub | ✅ Available | | Slack | ✅ Available | | Linear | ✅ Available | | Atlassian (Jira / Confluence) | ✅ Available | | Discord | ✅ Available | | Figma | ✅ Available | | Canva | ✅ Available | | Trello | ✅ Available | | Microsoft (Outlook, OneDrive, Teams) | 🟡 Coming soon | | Dropbox | ✅ Available | | Asana | ✅ Available | | HubSpot | ✅ Available | | Salesforce | ✅ Available | | **Google** (Gmail, Drive, Calendar, Sheets) | 🟡 Verified app coming soon · ✅ Custom OAuth available | --- ## Security model - Each token is encrypted with a per-environment AES-256-GCM key. The dashboard never returns plaintext. - Refresh tokens rotate before expiry via a background cron — your MCP calls keep working without manual intervention. - Disconnecting from the dashboard immediately revokes the broker token and deletes the encrypted secret. Your provider account is untouched. - A connection is **per-workspace**, not per-user — workspace members share the same tokens. Use separate workspaces if you need separate identities.