OAuth2 Authentication

Solo includes an integrated OAuth2 engine for retrieving, storing, and automatically renewing access tokens, simplifying authentication procedures during testing.

Flow Automation

You can configure authentication once at the request or collection level. Solo manages the following phases:

Automatic Retrieval: If the token is missing or expired, a request is sent to the authorization server before the API call.
Transparent Injection: The obtained token is automatically inserted into the Authorization: Bearer <token> header.
Silent Refresh: In case of an authorization error, Solo attempts to use the refresh token (if available) to obtain a new key and repeat the original call.

OAuth2 Configuration

Open the Auth tab: Select the “Auth” tab in the request.
Enable the Service: Activate the “Enable Authentication” toggle.
Enter Parameters: Fill in the necessary fields (Token URL, Client ID, Client Secret, etc.). You can use {{ variable }} placeholders.
Response Mapping: Define the path (JSON Path) to find the token in the server’s response (e.g., access_token).
Send: Click “Send” on the main request. Token retrieval is handled automatically before the data is sent.

Advanced Features

Local Encryption of Secrets

Solo stores Client Secrets and tokens locally using secure encryption algorithms, avoiding plaintext storage in configuration files.

Parameter Flexibility

You can customize the parameters sent in the token request (Grant Type, Scope, custom parameters) via a dedicated configuration table.

Configurator Specifications

Field	Description	Variable Support
Token URL	Authorization server endpoint.	Yes
Token Path	JSON path for token extraction (e.g., `data.token`).	No
Grant Type	Authorization type (e.g., `client_credentials`, `password`).	Yes
Client ID/Secret	Application credentials.	Yes
Template	Table for adding custom parameters.	Yes