Auth

The OAuth 2.0 callback URL, when the grant type is Authorization Code, must be added to your OAuth server’s trusted redirect URL list.
OAuth authentication credentials can be sent via the header or body; please select the appropriate option based on your server requirements.

OAuth 2.0 Callback URL

You must use the provided callback URL to get the access code from the auth server to the extension.
You can use the default URL https://www.thunderclient.com/oauth/callback.
Or you can use the localhost version http://localhost:6789/callback.
The callback URL should be added to your OAuth server authorised callback list.

Automatically Refresh Tokens

This feature is available in the paid version.

The OAuth 2 tokens are refreshed automatically at the request, folder, and collection levels.
Token values are saved locally and not in JSON files.
If there is any problem, please click the Generate Token button again; the refresh should work.

Save Token Per Environment

You can also save tokens per environment; please enable the VS Code setting Save Token Per Environment.
Thunder Client refreshes the OAuth token every time you switch environments.

refresh token per environment

SSL Certificates

Provide SSL certificate paths for auth, using either relative paths to the workspace or absolute paths.
Use the Certificates VS Code setting. See the example below:


"thunder-client.certificates": [
        {
            "host": "thunderclient.io",
            "certPath": "ssl/cert.pem",
            "keyPath": "ssl/keyfile.key",
            "pfxPath": "ssl/pfx.p12",
            "passphrase": "test"
        },
        {
            "host": "localhost:8081",
            "pfxPath": "/Users/test/Documents/ssl/pfx.p12",
            "passphrase": "test"
        },
        {
            "host": "testing.com",
            "certPath": "ssl/cert.pem",
            "keyPath": "ssl/keyfile.key"
        },
    ]