OAuth (John Deere)

FieldMCP uses OAuth 2.0 to connect farmers to their John Deere accounts. Once authorized, FieldMCP can access the farmer's field data, equipment, and operations through the MCP tools.

How It Works

1. Developer initiates connection from Dashboard
2. Farmer is redirected to John Deere sign-in
3. Farmer authorizes access (scopes: ag1 ag2 ag3)
4. FieldMCP receives and encrypts the OAuth tokens
5. Developer can now make MCP calls for that farmer

Connecting a Farmer

From the Dashboard

1. Go to Dashboard > Farmers
2. Click Connect Farmer
3. Share the authorization link with the farmer
4. The farmer signs into John Deere and authorizes access
5. The farmer appears in your dashboard once authorized

Programmatically

Use the enterprise REST API to initiate the OAuth flow:

# Get the authorization URL
curl -X POST https://gateway.fieldmcp.com/api/v1/oauth/authorize \
  -H "Authorization: Bearer field_live_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"redirect_uri": "https://yourapp.com/callback"}'

Token Management

• Access tokens expire after 30 minutes and are refreshed automatically
• Refresh tokens last ~90 days and extend on each use
• Encryption — All tokens are encrypted with ChaCha20-Poly1305 before storage
• Automatic refresh — The gateway refreshes tokens on-demand when they have less than 5 minutes remaining

You don't need to manage token refresh yourself — FieldMCP handles it transparently.

Scopes

FieldMCP requests these John Deere OAuth scopes:

Disconnecting a Farmer

To revoke access:

1. Go to Dashboard > Farmers
2. Click the farmer's row
3. Click Disconnect

This revokes the OAuth tokens and removes the farmer's data from the cache. The farmer can also revoke access from their John Deere account settings.

Errors