• OAuth 2.0's callback url, when grant type is Authorization Code, needs to be entered into your oauth server trusted redirect url list.
  • OAuth authentication credentials are sent via header or body; please select the appropriate one based on your server requirements.

OAuth 2.0 Callback Url

  • You need to use the provided callback url to get access code from auth server to extension.
  • You can use default url https://www.thunderclient.com/oauth/callback
  • Or You can use the localhost version http://localhost:6789/callback
  • The Callback Url should be added to your OAuth server authorised callback list.

Automatically Refresh Tokens

This feature is available in the paid version.
  • The OAuth 2 tokens will be refreshed automatically at request, folder & collection level
  • The token values are saved locally and not in json files
  • if there is any problem, please click Generate Token button again, the refresh should work.

Save Token Per Environment

  • You can also save tokens per environment, please enable VS Code setting Save Token Per Environment
  • Thunder Client refreshes the OAuth token every time you switch environments.

refresh token per environment

SSL Certificates

  • Provide SSL certificate paths for auth, using the relative path to the workspace or absolute paths.
  • Use the Certificates VS Code setting, see example below:
"thunder-client.certificates": [
            "host": "thunderclient.io",
            "certPath": "ssl/cert.pem",
            "keyPath": "ssl/keyfile.key",
            "pfxPath": "ssl/pfx.p12",
            "passphrase": "test"
            "host": "localhost:8081",
            "pfxPath": "/Users/test/Documents/ssl/pfx.p12",
            "passphrase": "test"
            "host": "testing.com",
            "certPath": "ssl/cert.pem",
            "keyPath": "ssl/keyfile.key"