OAuth Client Credentials

Name: DevTools
Author: DevTools

This template exchanges client credentials for an OAuth access token and uses that token to call a protected API. Ideal for service-to-service integrations and headless CI checks.

Required env vars

CLIENT_ID (CI secret)
CLIENT_SECRET (CI secret)
Optional: TOKEN_URL if it varies by environment

How to run it

devtools flow run oauth-client-creds.yaml

TODO:

Add a screenshot of token retrieval in Studio with headers.
Short clip of CLI run and JUnit report output in CI.

# oauth-client-creds.yaml
version: 1
name: OAuth CC flow
env:
  TOKEN_URL: https://auth.example.com/oauth/token
  CLIENT_ID: {{#env:CLIENT_ID}}
  CLIENT_SECRET: {{#env:CLIENT_SECRET}}

requests:
  - id: get_token
    method: POST
    url: {{ env.TOKEN_URL }}
    headers:
      Content-Type: application/x-www-form-urlencoded
    body:
      form:
        grant_type: client_credentials
        client_id: {{ env.CLIENT_ID }}
        client_secret: {{ env.CLIENT_SECRET }}
    expect:
      - status: 200

  - id: list_accounts
    method: GET
    url: https://api.example.com/accounts
    headers:
      Authorization: Bearer {{ get_token.response.body.access_token }}
    expect:
      - status: 200

What to change

Token URL: env.TOKEN_URL to your auth server.
Protected endpoint: replace /accounts with your API.
Token path: adjust get_token.response.body.access_token to match your response.
Scopes: add scope to the form body if required.

Common variations

Audience/tenant parameters in token request.
Cache token for reuse across multiple requests.
Retry on 5xx from auth server with backoff.
Parameterize scopes per environment.

OAuth Client Credentials

Required env vars

How to run it

What to change

Common variations

Links