Machine to machine API issue (Oauth2 Client Credentials)


I’ve been trying for a long time to make a machine to machine communication between my app and our ERPNext instance, through the API.
If I use the cookie method, then I can login. The problem is that this token will expire and my app won’t be able to communicate anymore.
So, I’d like to use the Client Credential Grant from Oauth2. This means just providing some headers that grant you access to the allowed scopes.

I’ve read the code and, if I’m correct, that isn’t implemented so far. Would you mind guiding me on how to achieve that communication? I’m willing to write a patch if someone can clarify the right approach to add this feature.

Thank you,


Authorization Code gives you a bearer token with access_token which you can use to access resource.

It also gives a refresh_token, use this token to generate a new bearer token when old one expires.

If you wish to add the Client Credential Grant OAuth 2 workflow to Frappe, implement all the necessary methods required by it. Refer to the comments in this file: oauthlib/oauthlib/oauth2/rfc6749/ at master · oauthlib/oauthlib · GitHub

Most of the methods are already implemented, you’ll have to add only unimplemented ones.

frappe/frappe/ has the OAuthWebRequestValidator Class, add / modify it.

Documentation, Welcome to OAuthLib’s documentation! — OAuthLib 3.2.2 documentation
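
Added example (not part of the thread, and not Frappe or oauthlib code): a standard-library sketch of the checks a Client Credentials token endpoint performs under RFC 6749 section 4.4, which are the steps the validator methods mentioned above have to cover. The client registry, scope names and function names are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, time

# Constructed sample registry: client_id -> (SHA-256 of client secret, allowed scopes)
CLIENTS = {"erp-sync": (hashlib.sha256(b"s3cr3t-constructed").hexdigest(), {"read", "write"})}
TOKENS = {}  # access_token -> {"client_id", "scopes", "expires_at"}


def authenticate_client(authorization_header):
    """Return the client_id for valid HTTP Basic client credentials, else None."""
    scheme, _, encoded = (authorization_header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        client_id, _, secret = base64.b64decode(encoded, validate=True).decode().partition(":")
    except ValueError:  # covers malformed base64 and non-UTF-8 bytes
        return None
    record = CLIENTS.get(client_id)
    digest = hashlib.sha256(secret.encode()).hexdigest()
    # Unknown clients are compared against a dummy digest so timing stays uniform.
    expected = record[0] if record else "0" * 64
    return client_id if (hmac.compare_digest(digest, expected) and record) else None


def token_endpoint(authorization_header, form, now=None):
    """Handle a token request; returns (http_status, json_body)."""
    now = time.time() if now is None else now
    client_id = authenticate_client(authorization_header)
    if client_id is None:
        return 401, {"error": "invalid_client"}
    if form.get("grant_type") != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    allowed = CLIENTS[client_id][1]
    requested = set(form.get("scope", "").split()) or allowed
    if not requested <= allowed:
        return 400, {"error": "invalid_scope"}
    token = secrets.token_urlsafe(32)
    TOKENS[token] = {"client_id": client_id, "scopes": requested, "expires_at": now + 3600}
    # RFC 6749 section 4.4.3: a refresh_token should not be issued for this grant.
    return 200, {"access_token": token, "token_type": "Bearer", "expires_in": 3600,
                 "scope": " ".join(sorted(requested))}


def check_bearer(authorization_header, required_scope, now=None):
    """Resource-server check: token is known, unexpired, and carries the scope."""
    now = time.time() if now is None else now
    scheme, _, token = (authorization_header or "").partition(" ")
    entry = TOKENS.get(token) if scheme.lower() == "bearer" else None
    return bool(entry and now < entry["expires_at"] and required_scope in entry["scopes"])
```

Because no refresh token is issued, the machine client simply repeats the token request with its client credentials when the access token expires.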

Thank you @revant_one for your clear answer!

I’ve opted for renewing my session every hour by relogging to make sure the credentials will always be valid, this was the simplest solution.