Note: introduced in
:oauth plugin manages the handling of a given OAuth session, in that it ships with convenience methods to generate a new access token, which it then injects in all requests.
http = HTTPX.plugin(:oauth).oauth_auth( issuer: "https://id-provider", client_id: "CLIENT_ID", client_secret: "SECRET", scope: "all" ) session_with_token = http.with_access_token session_with_token.get("https://super-secret/resource") #=> access token used in the authorization header.
It supports only the “client_credentials” and “refresh_token” auth flows, and “client_secret_basic” and “client_secret_post” as auth methods.
When possible, metadata discovery will be available, behind “/.well-known/oauth-authorization-server”.
Next: SSRF Filter