ReelRifter
All posts
FeatureIntegrationAI

Grok Now Connects to ReelRifter

May 5, 20264 min readReelRifter Team

ReelRifter has connected to Claude and ChatGPT since launch, but Grok was the one big AI assistant we hadn't sorted yet. As of today, that's fixed — Grok now connects to ReelRifter the same way Claude and ChatGPT do, and you can ask it anything about your watchlist, ratings, friends, or upcoming releases.

If you're on Pro or Family, the setup takes about a minute.

How to set it up

Go to Settings → Integrations and you'll see a Grok-specific section with the exact values to enter. The short version:

  1. Open Grok → Settings → Custom Connectors → New Connector
  2. Server URL: https://reelrifter.com/api/mcp
  3. Grok will detect that the server requires authentication and prompt for OAuth credentials. Use:
    • Client ID: anything (e.g. grok)
    • Authorization Endpoint: https://reelrifter.com/api/mcp/authorize
    • Token Endpoint: https://reelrifter.com/api/mcp/token
    • Token Auth Method: none (PKCE only)
  4. Save & Connect — you'll bounce to ReelRifter, sign in (if needed), see a consent screen showing where Grok will receive the auth code, and click Approve and connect.
  5. Done. Ask Grok about your watchlist.

What you can ask

The same 22 read-only tools that Claude and ChatGPT have access to. A few examples:

  • "What did I rate Severance?"
  • "Which Netflix shows on my watchlist are leaving in the next two weeks?"
  • "What was that thriller I rated 9 last summer?"
  • "Build me a watchlist of dark Scandinavian crime dramas with under 30 episodes."
  • "Show me everything my friend Alice has finished this month."

The tools are read-only and the AI cannot delete your account, change your subscription, or modify billing. You can revoke access at any time from Settings → Integrations.

A note on what we built behind the scenes

If you're a developer reading this, the rest of this post is for you. Skip to the bottom otherwise.

Claude and ChatGPT both connect to MCP servers using a simple bearer-token URL — paste a link with ?token=... and you're done. Grok doesn't accept that pattern; it requires OAuth 2.1 with PKCE. So we built a proper OAuth shim on top of our existing MCP endpoint:

  • /api/mcp/authorize — validates PKCE auth-request params, requires Clerk sign-in, then forwards to a consent screen
  • /api/mcp/authorize/grant — issues a stateless authorization code (HMAC-signed, 60-second TTL, embeds the PKCE code_challenge and the client's redirect_uri)
  • /api/mcp/token — exchanges the code for a long-lived bearer token by verifying the PKCE code_verifier against the embedded challenge
  • /.well-known/oauth-authorization-server and /.well-known/oauth-protected-resource — RFC 8414 / RFC 9728 metadata endpoints so OAuth-aware clients can discover where the resource server lives after the handshake

The whole thing is stateless — no new database tables, no Redis, no per-token bookkeeping. Auth codes are HMAC-signed payloads that carry the userId, the PKCE challenge, and the redirect_uri inline. Verification re-derives the signature and confirms the verifier hashes to the embedded challenge.

The trickiest bit was the discovery dance. Without OAuth metadata, Grok would complete the OAuth flow but never call the actual MCP endpoint afterward — it had a token but no idea where to use it. With the .well-known endpoints in place, Grok now correctly identifies the resource server, attaches the bearer on every tools/call, and works just like Claude and ChatGPT.

If you're building your own MCP server with OAuth support, the spec to follow is MCP authorization spec + RFC 9728 (Protected Resource Metadata) — your 401 responses need a WWW-Authenticate: Bearer realm="...", resource_metadata="..." header pointing at the metadata URL. That's how clients learn which auth server protects which resource.

What's next

We support Claude, ChatGPT, and Grok directly — but the OAuth flow we built is standards-compliant, so any other MCP-compatible client (Claude Desktop, Cursor, Windsurf, plus future entrants) should also be able to connect using the same endpoint URLs.

If you try to connect a different MCP client and run into trouble, contact us — we'd love to make sure it works.

For everyone else: enjoy asking Grok what to watch tonight. It can finally tell you. 🎬

Ready to track your shows?

Open Watchlist →