OAuth 2.1 token provider using client credentials flow.
Manages token lifecycle: fetches tokens from the authorization server's token endpoint, caches them, and refreshes 60 seconds before expiry.
Token Endpoint Discovery
If not provided, the token endpoint is derived from the MCP URL:
https://gateway.datagrout.ai/servers/{id}/mcp
→ https://gateway.datagrout.ai/servers/{id}/oauth/tokenUsage
{:ok, provider} = DatagroutConduit.OAuth.start_link(
client_id: "my-client-id",
client_secret: "my-secret",
token_endpoint: "https://auth.example.com/oauth/token"
)
{:ok, token} = DatagroutConduit.OAuth.get_token(provider)Summary
Functions
Returns a specification to start this module under a supervisor.
Derives an OAuth token endpoint from an MCP URL.
Returns a valid access token, fetching or refreshing as needed.
Invalidates the cached token, forcing a fresh fetch on the next get_token call.
Starts the OAuth token provider.
Types
Functions
Returns a specification to start this module under a supervisor.
See Supervisor.
Derives an OAuth token endpoint from an MCP URL.
Replaces the trailing /mcp or /jsonrpc with /oauth/token.
@spec get_token(GenServer.server()) :: {:ok, String.t()} | {:error, term()}
Returns a valid access token, fetching or refreshing as needed.
@spec invalidate(GenServer.server()) :: :ok
Invalidates the cached token, forcing a fresh fetch on the next get_token call.
Starts the OAuth token provider.
Options
:client_id- OAuth client ID (required):client_secret- OAuth client secret (required):token_endpoint- Full URL to the token endpoint (required):scope- OAuth scope (optional):name- GenServer registration name (optional)