# Full-Stack Developer: OAuth 2.0 Integration with Access Delegation

## Project Overview

Building a production OAuth system for Agency Pilot, a multi-tenant SaaS for marketing agencies. This isn't simple "login with Google"—it's a two-tier system where clients authorize agencies, and we programmatically add agency team members to client platforms (Facebook Pages, Google Analytics, Google Ads, etc.).

## The Challenge

When clients authorize access, the OAuth callback must:

1. Store encrypted tokens for metric retrieval
2. Call platform APIs to grant agency users appropriate roles (Admin/Editor/Viewer)

Agency users can then log directly into Facebook, Google Ads, etc. to manage clients, while Agency Pilot pulls unified metrics.

## Scope

**11+ Platform Integrations:**

- Google Suite (7 products, single OAuth): GMB, Search Console, Analytics UA/GA4, Tag Manager, Ads, YouTube
- Social: Meta (Facebook/Instagram), TikTok, LinkedIn, Reddit

**Three Permission Levels:**

- Read: API metrics only
- Write: Editor roles on platforms
- Manager: Admin roles with full control

**Core Features:**

- Two-tier OAuth (agency-owned accounts + client delegations)
- Platform delegation APIs (adding users to Pages, Analytics properties, Ads accounts)
- AES-256-GCM token encryption with automatic refresh
- Multi-tenant PostgreSQL with Row-Level Security
- Background workers for token refresh and data sync
- Complete audit logging

## Tech Stack

Node.js/TypeScript, Supabase (PostgreSQL), BullMQ/Redis, React frontend

## Requirements

- Production OAuth experience (token management, not just social login)
- Experience with 2-3 of: Google APIs, Facebook Graph API, platform user management APIs
- Multi-tenant architecture with data isolation
- TypeScript/Node.js backend development

Bonus: Marketing platform experience, Supabase familiarity

## Deliverables

- OAuth flows for all platforms with delegation
- Token encryption service with auto-refresh
- Metric fetching services per platform
- Database migrations and RLS policies
- Background workers
- Integration tests

## Timeline

4-8 weeks depending on platform familiarity. Open to phased delivery (Google first, then social).

**To apply:** Share relevant OAuth integration examples, especially any involving platform delegation APIs or multi-tenant access control.