Auth

OAuth 2.0's callback url, when grant type is Authorization Code, needs to be entered into your oauth server trusted redirect url list.
OAuth authentication credentials are sent via header or body; please select the appropriate one based on your server requirements.

OAuth 2.0 Callback Url

You need to use the provided callback url to get access code from auth server to extension.
You can use default url https://www.thunderclient.com/oauth/callback
Or You can use the localhost version http://localhost:6789/callback
The Callback Url should be added to your OAuth server authorised callback list.

Automatically Refresh Tokens

The OAuth 2 tokens will be refreshed automatically at request, folder & collection level
The token values are saved locally and not in json files
You can also save tokens per environment, please enable VS Code setting Save Token Per Environment
if there is any problem, please click Generate Token button again, the refresh should work.

SSL Certificates

Provide SSL certificate paths for auth, using the relative path to the workspace or absolute paths.
Use the Certificates VS Code setting, see example below:

"thunder-client.certificates": [
        {
            "host": "thunderclient.io",
            "certPath": "ssl/cert.pem",
            "keyPath": "ssl/keyfile.key",
            "pfxPath": "ssl/pfx.p12",
            "passphrase": "test"
        },
        {
            "host": "localhost:8081",
            "pfxPath": "/Users/test/Documents/ssl/pfx.p12",
            "passphrase": "test"
        },
        {
            "host": "testing.com",
            "certPath": "ssl/cert.pem",
            "keyPath": "ssl/keyfile.key"
        },
    ]

Environments Cookies