Guide

How I Connected a Lovable App to ChatGPT Using MCP

I connected my Clockified time-tracking app directly to ChatGPT using MCP. The first connection failed, which turned out to be useful because it exposed the parts that still need proper technical review, including OAuth, tool schemas and security.

6 July 2026

How I Connected a Lovable App to ChatGPT Using MCP

I went into Clockified to make a small update and ended up turning the app into something ChatGPT could query directly through natural language.

Clockified is a time-tracking app I built in Lovable to handle time tracking and reporting. When I opened it recently, Lovable presented me with an option to make the app available through MCP.

At the press of a button, it added the integration, identified useful parts of the app and created three tools:

  • list_projects
  • list_time_entries
  • create_time_entry

The promise was simple enough; connect the MCP server to ChatGPT and start using Clockified without having to open the app. The reality was close, but it wasn’t quite that simple.

The initial ChatGPT connection failed. I had to try and understand how the generated authentication worked, confirm the OAuth setup with Lovable, correct the connection method in ChatGPT and then update the output schemas for the tools before everything worked properly.

Once I’d researched and understood how to resolve those issues, I could select Clockified directly from the plus button in a ChatGPT conversation and ask questions such as:

Show me my recent time entries with tag checkout optimisation

 

ChatGPT queries Clockified, retrieves the relevant data and works with the result inside the conversation.

At this point the MCP stopped feeling like an interesting technical concept and started feeling like something much more practical.

What MCP is doing here

In layman’s terms, an MCP server exposes selected capabilities from an application so an AI client can discover and call them.

Those capabilities are called tools.

A tool might:

  • retrieve records
  • search data
  • create something
  • update something
  • trigger a process

Each tool has a defined purpose and structured inputs and outputs. The AI model can then decide which tool to call based on what the user asks. MCP uses schemas to define and validate those tool interfaces. (Model Context Protocol)

In the case of Clockified, the architecture now looks roughly like this:

Clockified
↓
MCP server
↓
OAuth authentication
↓
ChatGPT (chat using the connected Clockified app)
↓
Natural-language request
↓
Relevant Clockified tool
↓
Structured result returned to ChatGPT output

The result – I have given ChatGPT a controlled way to interact with the core functionality in Clockified.

The three tools Lovable created

Lovable identified three useful operations from the existing app. I would recommend starting with the recommendations and adding more tools once you’ve got the first set working.

List projects

list_projects

This gives ChatGPT access to the projects belonging to the authenticated Clockified user.

A natural-language request might be:

Show me all of my current Clockified projects

List time entries

list_time_entries

This retrieves time entries and can be filtered by date range.

Once the data reaches ChatGPT, I can ask broader questions around it:

Show me my most recent time entries

Find entries with a particular tag

Summarise the work I logged last week

Break my time down by project

This is where the connection becomes more useful than simply reproducing another dashboard.

The app provides the underlying data and ChatGPT provides the conversational layer for querying and analysing it.

Create a time entry

create_time_entry

This is a write action. It allows ChatGPT to create a new record using structured information including:

  • project
  • description
  • start time
  • end time
  • billable status
  • rate override
  • tags

ChatGPT’s Developer mode supports both read and write tools exposed by an MCP server. Write actions require particular care because the model is no longer simply retrieving information. It can alter data in another system. OpenAI warns developers to review write actions carefully and currently requires confirmation for them by default. (OpenAI Developers)

The first problem: authentication

My initial attempt to connect Clockified to ChatGPT failed and ChatGPT returned a fairly generic error:

Error creating connector
The MCP endpoint itself returned: 401 Unauthorized

Connect a Lovable App to ChatGPT Using MCP

At first, it looked like the server was incorrectly blocking the connection.

I asked Lovable to inspect the implementation and confirmed that the MCP server had intentionally been generated with OAuth protection, so the server was doing exactly what it should.

My mistake was configuring the custom app in ChatGPT using: No Auth when the server required: OAuth

Once I changed the authentication method, ChatGPT followed the OAuth flow and took me to the Clockified sign-in and consent screen.

After authenticating, the MCP connection could operate as a signed-in Clockified user.

ChatGPT currently supports OAuth, no authentication and mixed authentication for custom MCP apps. It also supports remote MCP servers using streaming HTTP and SSE. (OpenAI Developers)

Why I didn’t remove the authentication

It would have been possible to ask Lovable to remove OAuth and expose the MCP endpoint publicly but that would have been the wrong fix and would have resulted in a less secure app.

Clockified doesn’t only expose read operations, it also exposes a write operation: create_time_entry

Removing authentication would mean changing the fundamental security model of the integration simply to make the connection easier.

The better approach was to understand the authentication that Lovable had already generated and configure ChatGPT correctly. This is an important part of making any application MCP-ready.

The question should not be:

How quickly can I expose this to ChatGPT?

It should be:

What should ChatGPT be allowed to access, whose data should it see and what should it be allowed to change?

The second problem: tool output schemas

Authentication fixed the connection, but that wasn’t the end of the work.

The next issue was with the generated tool definitions.

The tools needed clear, valid output schemas so ChatGPT could properly understand and validate what each operation returned. While this isn’t compulsory, it is recommended so the outputs are consistent – useful if you need to send the data on to an agent or spreadsheet.

This required another round of checking between Lovable and ChatGPT.

I updated the output schemas in Lovable, refreshed the integration and confirmed that ChatGPT could understand the tools correctly.

MCP tools are schema-defined interfaces. They have specific operations and structured inputs and outputs, with JSON Schema used for validation. (Model Context Protocol)

The AI client needs to understand:

  • what the tool does
  • when to use it
  • what parameters it accepts
  • which parameters are required
  • what data it returns

Poorly defined tools create ambiguity, whereas well-defined tools give the AI a much better chance of choosing the correct action and handling the results properly.

OpenAI also recommends clear, action-oriented tool names and descriptions, including guidance about when a tool should be used and descriptions for its parameters. (OpenAI Developers)

Connecting the MCP server to ChatGPT

Once the OAuth and schema issues were resolved, the ChatGPT side was relatively straightforward. I enabled Developer mode and created a custom app using the Clockified MCP server URL.

Connect a Lovable App to ChatGPT Using MCP

ChatGPT currently allows developers to add remote MCP servers as custom apps. These apps can expose read and write tools and can use OAuth authentication. (OpenAI Developers)

The process was:

  1. Enable Developer mode in ChatGPT
  2. Create a new custom app
  3. Enter the Clockified MCP server URL
  4. Select OAuth authentication
  5. Complete the Clockified sign-in and consent flow
  6. Check that ChatGPT can discover the available tools
  7. Refresh the app after updating any tool definitions

OpenAI’s current documentation also notes that custom app definitions can be refreshed when the MCP server changes, allowing updated tools, descriptions and server instructions to be pulled into ChatGPT. (OpenAI Developers)

Using Clockified from a normal ChatGPT conversation

This is the part that changed how I thought about the integration.

I don’t have to open a specialist MCP interface, I can simply start a normal ChatGPT conversation, click the plus button and select Clockified (or by typing @Clockified).

Connect a Lovable App to ChatGPT Using MCP

I can then ask:

Show me my recent time entries with a specific tag

ChatGPT selects the relevant Clockified tool, sends the request and works with the returned data.

Connected apps can be invoked from a ChatGPT conversation through the app picker or by using an app mention. They can retrieve information and, where configured, perform actions in the connected service. (OpenAI Help Center)

The important part is that I am no longer navigating the app to find information. I am asking the system directly using natural language.

What I would test before calling an MCP integration finished

My daily experience using Clockified has made the checklist fairly clear.

Start with the smallest useful set of tools

Do not expose every possible action simply because you can.

Clockified has three tools with clear responsibilities which makes them easier to:

  • understand
  • test
  • secure
  • maintain

Separate read and write operations

Reading a time entry and creating one carry different levels of risk. The permissions and confirmation process should reflect that.

Check the authentication model properly

A public website does not automatically mean its MCP endpoint should also be public.

Authentication for the application and authentication for the MCP integration need to be considered deliberately.

Review the generated code

AI-generated integration code still needs technical review.

I wanted to understand:

  • why the endpoint returned 401
  • what was enforcing authentication
  • how the user identity was established
  • which tools were available
  • what each tool could access

The fact that Lovable generated the integration quickly did not remove the need to understand and review it.

Validate the tool schemas

Check both sides of each tool:

Input

→ What information does the tool need?

Output

→ What exactly will it return?

This became a real issue during my own implementation.

Test with normal language

A technically valid tool is not necessarily an easy tool for an AI model to use, so I tested the connection using the kinds of questions I would actually ask:

Show me recent time entries with a specific tag

This is more useful than just confirming that an MCP endpoint responds.

Beyond Clockified

Clockified is a relatively small application, but the wider possibilities are much more interesting.

Imagine a website, ecommerce store, membership platform or internal business system exposing a carefully controlled set of tools.

A team could potentially ask:

Show me orders delayed by more than five days

Which members have not logged in during the last 90 days?

Summarise this month's support issues by category

Find projects that have exceeded their estimated hours

Create a follow-up task for every approved record in this group

The AI doesn’t need unrestricted access to the whole system, it needs clearly designed tools that expose the right capabilities. That’s the part of MCP that interests me most.

The opportunity is not simply to bolt ChatGPT onto an existing application.

It is to decide which parts of a real business workflow would benefit from a natural-language interface, then expose those parts carefully and securely.

The one-click part is only the beginning

Lovable made the initial MCP implementation impressively quick.

But getting from: The app has an MCP endpoint

to: I can safely use the app through ChatGPT

still required:

  • understanding the tools
  • checking the generated code
  • diagnosing authentication
  • configuring OAuth
  • updating output schemas
  • reconnecting and refreshing the app
  • testing real queries
  • considering the security of write actions

This isn’t a criticism of Lovable in any way, it’s the interesting part.

AI-assisted development is making sophisticated integrations far faster to build, but speed does not remove the need for technical judgement. It makes that judgement more important.

What this means for the systems we build at Made Grand

At Made Grand, I am increasingly interested in websites and platforms that do more than present information.

They hold operational data, manage memberships, track projects, support customers and connect different parts of a business.

MCP introduces another possible interface for those systems: natural language.

The useful question is no longer simply whether a website or app can connect to ChatGPT.

It is: What should your team be able to ask the system, and what should the system be allowed to do in response?

Clockified was a small experiment in answering that question but it won’t be the last.

If you're planning an MVP or early-stage product and want to make sure the foundations are right before you build, we're happy to talk it through.

Start a conversation