Oauth2 ClientCredentials Authorization hangs #131

Closed
rngtng opened this issue Nov 27, 2021 · 5 comments

Comments

Contributor

rngtng commented Nov 27, 2021

For some reason, authorization with Oauth2 ClientCredentials only requests the token, but not the actual API call. Imagine the following code:

```http
@host = https://api.de
@sb_clientId = ...
@sb_clientSecret = ...
@sb_tokenEndpoint = https://api.de/oauth/token

### Person
GET /foo
Authorization: oauth2 client_credentials sb
```

Both in the CLI and the vsc-plugin I see the request for obtaining an access token successfully executed, but the subsequent call requesting /foo doesn't happen. I tried the 'Arbeitsagentur Jobbörse' example; there it worked. Any ideas what could be wrong or how to debug this?

btw. @sb_tokenEndpoint = /oauth/token or @sb_tokenEndpoint = {{host}}/oauth/token fails as well - why?

Owner

AnWeber commented Nov 28, 2021

I would simply increase the log level first. Add --debug or --verbose to your httpyac cli call. The "silent" abort actually only happens when an action cancels processing. With verbose you should see who started the processing last and there I would then set a breakpoint.

Owner

AnWeber commented Nov 28, 2021

Try adding a breakpoint in this line: https://github.com/AnWeber/httpyac/blob/main/src/variables/replacer/oauth2VariableReplacer.ts#L20. OpenIdInformation should get filled with your AccessToken in this method.

Contributor Author

rngtng commented Nov 28, 2021

Ah thanks, I found the problem. The token request endpoint returns status 201, but https://github.com/AnWeber/httpyac/blob/main/src/variables/replacer/oauth/openIdInformation.ts#L54 checks only for 200. Unsure what the OAuth spec says, but I never had this issue before and have used various other clients with that flow. So, OK to allow both 200 and 201 statuses?

Owner

AnWeber commented Nov 29, 2021

I did not expect 201. I will see what the spec says. Otherwise all statuses <400 should be valid.
Only 200 is mentioned; your server does not conform to the spec. https://datatracker.ietf.org/doc/html/rfc6749#section-5.1

I will add <400 to the list of valid return codes.

Contributor Author

rngtng commented Nov 29, 2021

Thanks for the change, issue is solved with this....

@AnWeber AnWeber closed this as completed Nov 29, 2021
vojta7 pushed a commit to vojta7/httpyac that referenced this issue Dec 12, 2022
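
The status handling discussed in this thread, as an added example that is not httpyac's code: it accepts any token-endpoint status below 400 but still requires the `access_token` and `token_type` fields that RFC 6749 section 5.1 makes mandatory, and it returns an explicit reason instead of aborting silently. All type and function names are hypothetical and the sample responses are constructed.

```typescript
// Added example: all names here are hypothetical, not httpyac's API.
type TokenResult =
  | { ok: true; accessToken: string; tokenType: string; expiresIn: number | undefined }
  | { ok: false; reason: string };
interface RawResponse {
  statusCode: number;
  body: string; // raw body exactly as received from the token endpoint
}

// strict = only 200 (RFC 6749 section 5.1); otherwise any status < 400, as in the thread.
function parseTokenResponse(res: RawResponse, strict = false): TokenResult {
  const statusOk = strict ? res.statusCode === 200 : res.statusCode < 400;
  if (!statusOk) {
    return { ok: false, reason: `token endpoint returned status ${res.statusCode}` };
  }
  let parsed: unknown;
  try {
    parsed = JSON.parse(res.body);
  } catch {
    return { ok: false, reason: "token response body is not JSON" };
  }
  if (typeof parsed !== "object" || parsed === null) {
    return { ok: false, reason: "token response body is not a JSON object" };
  }
  // A lenient status check must not turn a tokenless 204 or 302 into success.
  const fields = parsed as Record<string, unknown>;
  const accessToken = fields["access_token"];
  const tokenType = fields["token_type"];
  if (typeof accessToken !== "string" || accessToken.length === 0) {
    return { ok: false, reason: "token response has no access_token" };
  }
  if (typeof tokenType !== "string" || tokenType.length === 0) {
    return { ok: false, reason: "token response has no token_type" };
  }
  const exp = fields["expires_in"];
  return { ok: true, accessToken, tokenType, expiresIn: typeof exp === "number" ? exp : undefined };
}

// Constructed sample responses, not captured from any real server.
const created: RawResponse = {
  statusCode: 201,
  body: '{"access_token":"sample-token","token_type":"Bearer","expires_in":3600}',
};
const redirect: RawResponse = { statusCode: 302, body: "" };
const denied: RawResponse = { statusCode: 401, body: '{"error":"invalid_client"}' };

for (const res of [created, redirect, denied]) {
  const r = parseTokenResponse(res);
  console.log(res.statusCode, r.ok ? `accepted (${r.tokenType})` : `rejected: ${r.reason}`);
}
```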