diff --git a/lib/config/configuration_test.go b/lib/config/configuration_test.go
index d3e6758033056..8de8f9a10d6ea 100644
--- a/lib/config/configuration_test.go
+++ b/lib/config/configuration_test.go
@@ -3665,6 +3665,10 @@ func TestAuthHostedPlugins(t *testing.T) {
 				require.NotNil(t, p.OAuthProviders.Slack)
 				require.Equal(t, "foo", p.OAuthProviders.Slack.ID)
 				require.Equal(t, "bar", p.OAuthProviders.Slack.Secret)
+
+				require.NotNil(t, p.OAuthProviders.SlackCredentials)
+				require.Equal(t, "foo", p.OAuthProviders.SlackCredentials.ClientID)
+				require.Equal(t, "bar", p.OAuthProviders.SlackCredentials.ClientSecret)
 			},
 		},
 	}
diff --git a/lib/config/fileconf.go b/lib/config/fileconf.go
index 94b0d18ebcb3d..510d87e4f9f8f 100644
--- a/lib/config/fileconf.go
+++ b/lib/config/fileconf.go
@@ -1334,7 +1334,11 @@ func (p *PluginOAuthProviders) Parse() (servicecfg.PluginOAuthProviders, error)
 		if err != nil {
 			return out, trace.Wrap(err)
 		}
-		out.Slack = slack
+		out.Slack = &oauth2.ClientCredentials{
+			ID:     slack.ClientID,
+			Secret: slack.ClientSecret,
+		}
+		out.SlackCredentials = slack
 	}
 	return out, nil
 }
@@ -1348,7 +1352,7 @@ type OAuthClientCredentials struct {
 	ClientSecret string `yaml:"client_secret"`
 }
 
-func (o *OAuthClientCredentials) Parse() (*oauth2.ClientCredentials, error) {
+func (o *OAuthClientCredentials) Parse() (*servicecfg.OAuthClientCredentials, error) {
 	if o.ClientID == "" || o.ClientSecret == "" {
 		return nil, trace.BadParameter("both client_id and client_secret paths must be specified")
 	}
@@ -1367,9 +1371,9 @@ func (o *OAuthClientCredentials) Parse() (*oauth2.ClientCredentials, error) {
 	}
 	clientSecret = strings.TrimSpace(string(content))
 
-	return &oauth2.ClientCredentials{
-		ID:     clientID,
-		Secret: clientSecret,
+	return &servicecfg.OAuthClientCredentials{
+		ClientID:     clientID,
+		ClientSecret: clientSecret,
 	}, nil
 }
 
diff --git a/lib/service/servicecfg/auth.go b/lib/service/servicecfg/auth.go
index 93a4d2eb57f62..8c5491c16522f 100644
--- a/lib/service/servicecfg/auth.go
+++ b/lib/service/servicecfg/auth.go
@@ -180,7 +180,18 @@ type HostedPluginsConfig struct {
 // PluginOAuthProviders holds application credentials for each
 // 3rd party API provider
 type PluginOAuthProviders struct {
+	// TODO(tross) delete once teleport.e has been converted.
+	// Deprecated: use SlackCredentials instead.
 	Slack *oauth2.ClientCredentials
+
+	SlackCredentials *OAuthClientCredentials
+}
+
+// OAuthClientCredentials stores the client_id and client_secret
+// of an OAuth application.
+type OAuthClientCredentials struct {
+	ClientID     string
+	ClientSecret string
 }
 
 // KeystoreConfig configures the auth keystore.