Overview

LiteClient supports OAuth 2.0 authentication with three grant types. Tokens are automatically acquired, cached in VS Code’s SecretStorage, and injected into requests.

Supported Grant Types

LiteClient supports three OAuth 2.0 flows:

  • Authorization Code: Traditional flow requiring user login via browser
  • PKCE: Enhanced security for public clients without client secret
  • Client Credentials: Machine-to-machine authentication with direct token exchange

Authorization Code Flow

Use this flow when your application needs to authenticate on behalf of a user.

1. Open Auth Tab

Open a request panel and click the Auth tab.

2. Select OAuth 2.0

Select OAuth 2.0 from the authentication type dropdown.

3. Choose Grant Type

Select Authorization Code as the grant type.

4. Configure Endpoints

Enter the following URLs:
  • Authorization URL: The endpoint where users log in
  • Token URL: The endpoint that exchanges the code for a token

5. Enter Credentials

Provide:
  • Client ID: Your application’s client identifier
  • Client Secret: Your application’s secret key

6. Add Scopes (Optional)

Enter required scopes separated by spaces (e.g., read:user write:repo).

7. Get Access Token

Click Get Access Token. LiteClient will:
  1. Open your default browser
  2. Navigate to the authorization URL
  3. Wait for you to log in and authorize
  4. Receive the callback with authorization code
  5. Exchange the code for an access token

8. Token Auto-Injection

The token is automatically saved and injected in the Authorization header for all requests using this auth configuration.

LiteClient handles the OAuth callback by registering a URI handler in VS Code.

Authorization Code with PKCE

PKCE (Proof Key for Code Exchange) provides enhanced security for public clients that cannot securely store a client secret.

1. Open Auth Tab

Open a request panel and click the Auth tab.

2. Select OAuth 2.0

Select OAuth 2.0 from the authentication type dropdown.

3. Choose PKCE Grant Type

Select Authorization Code (PKCE) as the grant type.

4. Configure Endpoints

Enter:
  • Authorization URL: The authorization endpoint
  • Token URL: The token exchange endpoint

5. Enter Client ID

Provide your Client ID (no client secret needed).

6. Add Scopes (Optional)

Enter required scopes if your API requires them.

7. Get Access Token

Click Get Access Token. LiteClient will:
  1. Generate a code verifier and challenge
  2. Open browser to authorization URL with PKCE parameters
  3. Receive authorization code callback
  4. Exchange code + verifier for access token

PKCE is recommended for single-page applications and mobile apps where client secrets cannot be safely stored.
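
The verifier, challenge and code exchange from the last step, sketched in JavaScript as an added example; this is not LiteClient's own code. It assumes the S256 challenge method from RFC 7636; the function names and the final server-side check are illustrative, and the redirect URI is the one listed under Troubleshooting.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

// Redirect URI as listed in the Troubleshooting section of this page.
const REDIRECT_URI = "vscode://liteclienthq.liteclient/oauth-callback";

// 32 random bytes give a 43-character base64url verifier (RFC 7636 allows 43-128).
function newVerifier() {
  return randomBytes(32).toString("base64url");
}

// S256 challenge: BASE64URL(SHA256(ASCII(verifier))), without padding.
function challengeFor(verifier) {
  return createHash("sha256").update(verifier, "ascii").digest("base64url");
}

// URL the browser is opened to. Only the challenge leaves the client at this point.
function authorizationUrl(authUrl, clientId, scope, verifier) {
  const url = new URL(authUrl);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", REDIRECT_URI);
  url.searchParams.set("code_challenge", challengeFor(verifier));
  url.searchParams.set("code_challenge_method", "S256");
  if (scope) url.searchParams.set("scope", scope);
  return url.toString();
}

// Form body POSTed to the token URL; the verifier is disclosed only here.
function tokenRequestBody(clientId, code, verifier) {
  return new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: REDIRECT_URI,
    client_id: clientId,
    code_verifier: verifier,
  }).toString();
}

// Check the authorization server runs before issuing a token (illustrative).
function serverAccepts(storedChallenge, presentedVerifier) {
  if (!/^[A-Za-z0-9._~-]{43,128}$/.test(presentedVerifier)) return false;
  const a = Buffer.from(challengeFor(presentedVerifier));
  const b = Buffer.from(storedChallenge);
  return a.length === b.length && timingSafeEqual(a, b);
}
```

An authorization code intercepted on the `vscode://` callback is useless on its own: the token endpoint rejects the exchange unless the request also carries the verifier that hashes to the challenge sent in the first step.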

Client Credentials Flow

Use this flow for server-to-server authentication without user interaction.

1. Open Auth Tab

Open a request panel and click the Auth tab.

2. Select OAuth 2.0

Select OAuth 2.0 from the authentication type dropdown.

3. Choose Client Credentials

Select Client Credentials as the grant type.

4. Configure Token URL

Enter the Token URL (authorization URL not needed for this flow).

5. Enter Credentials

Provide:
  • Client ID: Your application identifier
  • Client Secret: Your application secret

6. Add Scopes (Optional)

Enter required scopes for your API.

7. Get Access Token

Click Get Access Token. The token is acquired directly without browser interaction.

Client Credentials tokens represent the application itself, not a user. Ensure your API supports this flow.

Token Management

Token Storage

LiteClient stores OAuth tokens securely:
  • Tokens are saved in VS Code’s SecretStorage
  • Tokens persist across VS Code sessions
  • Tokens are encrypted and never exposed in plain text

Token Refresh

LiteClient automatically refreshes expired tokens when possible. If refresh fails, re-authenticate via the Auth tab.

Manual Re-authentication

If your token expires or becomes invalid:
  1. Open the request’s Auth tab
  2. Verify the OAuth configuration (URLs, Client ID, Secret)
  3. Click Get Access Token to acquire a new token

Common OAuth Providers

Configuration examples for popular OAuth providers:

GitHub
  • Authorization URL: https://github.com/login/oauth/authorize
  • Token URL: https://github.com/login/oauth/access_token
  • Grant Type: Authorization Code or PKCE
  • Scopes: repo, user, read:org, etc.

Google
  • Authorization URL: https://accounts.google.com/o/oauth2/v2/auth
  • Token URL: https://oauth2.googleapis.com/token
  • Grant Type: Authorization Code or PKCE
  • Scopes: https://www.googleapis.com/auth/userinfo.email, etc.

Microsoft
  • Authorization URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
  • Token URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
  • Grant Type: Authorization Code or PKCE
  • Scopes: User.Read, Mail.Read, etc.

Troubleshooting

  • Verify OAuth 2.0 is selected in the Auth tab
  • Confirm you clicked Get Access Token and received a token
  • Check that the token URL is correct
  • Ensure your OAuth application’s redirect URI includes:
    • vscode://liteclienthq.liteclient/oauth-callback
  • Check that VS Code is set as the default handler for vscode:// URIs
  • LiteClient automatically refreshes tokens when possible
  • If refresh fails, manually re-authenticate via the Auth tab
  • Verify the token URL is correct