How to perform OAuth Client Credentials Flow

EasyMorph does not support OAuth Client Credentials Flow out of the box, but since this flow is rather minimalistic, you can get by with using basic Web request / Parse JSON actions.

To obtain an authorization token using the Client Credentials Flow, you have to:

1. Make a POST request to your OAuth Server

The request body should be in application/x-www-form-urlencoded form and should contain at least the client_id, client_secret and grant_type fields. The first two fields should equal your client id and secret, respectively, and grant_type should be client_credentials. You may have to specify the scope field too, but that field is optional and application-specific, i.e. its value depends on what you are authorizing against.

The Web request action to perform such request could look like this:

2. Parse JSON response.

Even though the request is sent as application/x-www-form-urlencoded, the response always comes back in application/json form. For the Client Credentials Flow, the response should look something like this:

	{
		"access_token": "<access token>",
		"expires_in": "expiration time",
		"scope": "if present, actual access scopes granted",
		"token_type": "Bearer"
	}

We’re actually interested only in the access_token field.

3. Extract access_token and use it

Suppose we need to be authorized to call some protected endpoint. Using the Parse JSON action, we pick the access_token field from the response, add the Bearer prefix to it (that’s required by convention), so the value reads Bearer <access token>, and finally use this string as the Authorization header value when making the actual request to the protected endpoint:

Parse JSON:

Append Bearer string:

And, finally, make the actual request to /some-protected-endpoint:
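
The same three steps as a Python script, useful for checking how the OAuth server behaves outside EasyMorph. This is an added example, not part of the original post: the URLs and the sample response are constructed placeholders, and the requests are only built, not sent. It also rejects a response that carries an error, lacks access_token, or has a token_type other than Bearer.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.example.com/oauth/token"  # hypothetical OAuth server
API_URL = "https://api.example.com/some-protected-endpoint"  # hypothetical host


def build_token_request(client_id, client_secret, scope=None):
    """Step 1: POST with an application/x-www-form-urlencoded body."""
    fields = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if scope:  # optional and application-specific
        fields["scope"] = scope
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_token_response(raw, now=None):
    """Step 2: parse the JSON reply and reject anything unusable."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError("token request refused: " + str(doc["error"]))
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("response has no access_token")
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    return token, now + int(doc.get("expires_in", 0))


def build_api_request(access_token):
    """Step 3: send the token as 'Authorization: Bearer <token>'."""
    return urllib.request.Request(
        API_URL, headers={"Authorization": "Bearer " + access_token}
    )


# Constructed sample response, not captured from a real server.
SAMPLE = '{"access_token": "abc123", "expires_in": 3600, "token_type": "Bearer"}'
```

Passing a built request to urllib.request.urlopen sends it; keep the client secret and the returned token out of logs and saved output.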