Note: introduced in 0.24.0.

The :oauth plugin manages the handling of a given OAuth session, in that it ships with convenience methods to generate a new access token, which it then injects in all requests.

http = HTTPX.plugin(:oauth).oauth_auth(
  issuer: "https://id-provider",
  client_id: "CLIENT_ID",
  client_secret: "SECRET",
  scope: "all"

session_with_token = http.with_access_token

session_with_token.get("https://super-secret/resource") #=> access token used in the authorization header.

It supports only the “client_credentials” and “refresh_token” auth flows, and “client_secret_basic” and “client_secret_post” as auth methods.

When possible, metadata discovery will be available, behind “/.well-known/oauth-authorization-server”.

Next: SSRF Filter