18

Till now, the REST API application we've been developing has used a simple api key passed in as a URL parameter, but we've just switched to using the OAuth2 Client Credentials Flow.

This is the simple workflow in which a client POSTs a key and secret via basic authentication and receives an expiring access token. Unfortunately, simple as it is, it's made it considerably more difficult to do quick tests of the API in a browser, either during development or for our support team to do installation sanity checks.

I've tried OAuth 2.0 Playground and REST Console for Chrome, but both of these only seem to support the more complex Authorization Code Grant workflow. Is there a browser-based tool that supports the Client Credentials flow?

Improve this question
3
  • What is the issue with rest console to test client credentials flow ? Commented Feb 15, 2014 at 19:42
  • recently i test client credentials flow with firefox poster tool Commented Feb 15, 2014 at 19:44
  • You can use REST Console to manually make the token request and then manually set the Authentication header, but the built-in OAuth2 support requires you to fill out three different URLs, even though the client credentials flow only requires one. Commented Feb 16, 2014 at 0:49

3 Answers 3

Reset to default
12

Here's my configuration for testing the client credentials flow using the Chrome extension, Postman.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

chrome.google.com/webstore/detail/postman/… - help: getpostman.com/docs/helpers
4

You can actually configure the OAuth 2.0 Playground to use the Client Credentials flow. Just click on the "Wheely" icon on the top right to open the configuration menu and select the "Client Side" Flow.

Another trick you can "Restore" the Playground by generating a URL (click on the "URL" ico on the top right). For instance use this link to have the playground configured for the Client Credential flow automatically: https://developers.google.com/oauthplayground/#step1&response_type=token

Improve this answer

Comments

-1

Suggest you try Google OAuth 2.0 Playground (https://developers.google.com/oauthplayground/). While it is optimized for Google-specific OAuth2 flows, you can custom configure the OAuth Endpoints and other parameters to use your flow. You'll just need to make sure to use https://developers.google.com/oauthplayground (no trailing slash) for your redirect URI, or you'll get a redirect mismatch (if your system checks that.) Once configured it lets you save a parameterized URL so you don't have to type in all of the configurations the next time you go there.

Currently looking for other tools as well. Happy to post any others I find.

Improve this answer

2 Comments

As I stated in the original question, OAuth 2.0 Playground is one of the ones I tried, and I couldn't figure out how to get it to handle the client credentials flow, only the three-legged authorization code flow.
Hey there! I've build the OAuth 2.0 Playground. You can actually configure it for the Client Credentials flow. I'll add an answer for that.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.