Browser test tool for OAuth2 "Client Credentials Flow"

16
votes

Till now, the REST API application we've been developing has used a simple api key passed in as a URL parameter, but we've just switched to using the OAuth2 Client Credentials Flow.

This is the simple workflow in which a client POSTs a key and secret via basic authentication and receives an expiring access token. Unfortunately, simple as it is, it's made it considerably more difficult to do quick tests of the API in a browser, either during development or for our support team to do installation sanity checks.

I've tried OAuth 2.0 Playground and REST Console for Chrome, but both of these only seem to support the more complex Authorization Code Grant workflow. Is there a browser-based tool that supports the Client Credentials flow?

3
restbrowseroauth-2.0
What is the issue with rest console to test client credentials flow ?Anurag
recently i test client credentials flow with firefox poster toolAnurag
You can use REST Console to manually make the token request and then manually set the Authentication header, but the built-in OAuth2 support requires you to fill out three different URLs, even though the client credentials flow only requires one.David Moles

3 Answers

12
votes

Here's my configuration for testing the client credentials flow using the Chrome extension, Postman.

2
votes

You can actually configure the OAuth 2.0 Playground to use the Client Credentials flow. Just click on the "Wheely" icon on the top right to open the configuration menu and select the "Client Side" Flow.

Another trick you can "Restore" the Playground by generating a URL (click on the "URL" ico on the top right). For instance use this link to have the playground configured for the Client Credential flow automatically: https://developers.google.com/oauthplayground/#step1&response_type=token

-1
votes

Suggest you try Google OAuth 2.0 Playground (https://developers.google.com/oauthplayground/). While it is optimized for Google-specific OAuth2 flows, you can custom configure the OAuth Endpoints and other parameters to use your flow. You'll just need to make sure to use https://developers.google.com/oauthplayground (no trailing slash) for your redirect URI, or you'll get a redirect mismatch (if your system checks that.) Once configured it lets you save a parameterized URL so you don't have to type in all of the configurations the next time you go there.

Currently looking for other tools as well. Happy to post any others I find.