Oauth

Note: introduced in 0.24.0.

The :oauth plugin manages an OAuth 2.0 session: it ships with convenience methods to generate a new access token, which it then injects into all requests.

http = HTTPX.plugin(:oauth).oauth_auth(
  issuer: "https://id-provider",
  client_id: "CLIENT_ID",
  client_secret: "SECRET",
  scope: "all"
)

session_with_token = http.with_access_token

session_with_token.get("https://super-secret/resource") #=> access token used in the authorization header.

It supports only the “client_credentials” and “refresh_token” auth flows, and “client_secret_basic” and “client_secret_post” as auth methods.

When possible, server metadata discovery is available via “/.well-known/oauth-authorization-server”.
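The sketch below is an added example, not HTTPX's own code: it shows what the discovery step and the two client auth methods mean on the wire, following RFC 8414 and RFC 6749, including the issuer check a client should make on discovered metadata. The helper names (discovery_url, select_endpoint, token_request) are hypothetical and the sample metadata is constructed.

```ruby
require "json"
require "uri"

# Auth methods the page lists as supported by the plugin.
SUPPORTED_AUTH_METHODS = %w[client_secret_basic client_secret_post].freeze

# RFC 8414 discovery location for an issuer (well-known segment precedes any issuer path).
def discovery_url(issuer)
  uri = URI(issuer)
  uri.path = "/.well-known/oauth-authorization-server#{uri.path.chomp('/')}"
  uri.to_s
end

# Validate a metadata document, then pick the token endpoint and an auth method.
def select_endpoint(issuer, metadata_json)
  meta = JSON.parse(metadata_json)
  # RFC 8414 section 3.3: the returned issuer must equal the one that was queried.
  raise ArgumentError, "issuer mismatch" unless meta["issuer"] == issuer
  endpoint = URI(meta.fetch("token_endpoint"))
  raise ArgumentError, "token endpoint must be https" unless endpoint.scheme == "https"
  # RFC 8414: when the list is omitted, the default is client_secret_basic.
  offered = meta.fetch("token_endpoint_auth_methods_supported", ["client_secret_basic"])
  auth_method = (SUPPORTED_AUTH_METHODS & offered).first
  raise ArgumentError, "no usable auth method" unless auth_method
  [endpoint.to_s, auth_method]
end

# Build the client_credentials token request for the chosen auth method.
def token_request(auth_method, client_id:, client_secret:, scope:)
  form = { "grant_type" => "client_credentials", "scope" => scope }
  headers = { "content-type" => "application/x-www-form-urlencoded" }
  case auth_method
  when "client_secret_basic"
    # RFC 6749 section 2.3.1: form-encode each part, then Base64 "id:secret".
    pair = [client_id, client_secret].map { |v| URI.encode_www_form_component(v) }.join(":")
    headers["authorization"] = "Basic #{[pair].pack('m0')}"
  when "client_secret_post"
    form.merge!("client_id" => client_id, "client_secret" => client_secret)
  else
    raise ArgumentError, "unsupported auth method: #{auth_method}"
  end
  { headers: headers, body: URI.encode_www_form(form) }
end

# Constructed sample metadata (not a real provider response).
SAMPLE_METADATA = <<~JSON
  {"issuer": "https://id-provider", "token_endpoint": "https://id-provider/token",
   "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_post"]}
JSON
```

With client_secret_post the secret travels in the request body, so it can end up in body-level request logs; with client_secret_basic it stays in the Authorization header.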
