Support for oAuth2 direct grant flows and bearer token authorization

[pke]

I wonder if we could add a feature to support direct grant OAuth2 workflow to the action?

- authorization:
  type: oauth2-direct-grant
  username: $USERNAME
  password: $PASSWORD
  tokenUri: https://someserver/aouth2/token  

And then the action uses the returned Bearer token for authorization

[legonmarian]

I agree, this feature would be a fantastic addition! 🤞 In the meantime, I found a workaround that might help.

You can set up a separate workflow file to run every 30 minutes (or another interval of your choice) to retrieve a fresh bearer token. Here's an example:

name: Generate Bearer Token
on:
  workflow_dispatch: 
  schedule:
    - cron: "*/30 * * * *"  # Runs every 30 minutes

jobs:
  generate-token:
    runs-on: ubuntu-latest
    steps:
      - name: Set Bearer token
        shell: bash
        env:
          GH_TOKEN: ${{ secrets.GH_PAT || github.token }}
        run: |
          echo "Requesting access token..."

          RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \
            -u "${{ secrets.CLIENT_ID }}:${{ secrets.CLIENT_SECRET }}" \
            -d "grant_type=client_credentials&scope=${{ secrets.SCOPE }}" \
            "${{ secrets.ACCESS_TOKEN_URL }}")

          HTTP_BODY=$(echo "$RESPONSE" | sed '$d')
          HTTP_STATUS=$(echo "$RESPONSE" | tail -n1)

          echo "HTTP Status Code: $HTTP_STATUS"

          if [ "$HTTP_STATUS" -ne 200 ]; then
            echo "Error: Received HTTP status code $HTTP_STATUS"
            echo "Response Body: $HTTP_BODY"
            exit 1
          fi

          TOKEN=$(echo "$HTTP_BODY" | jq -r '.access_token')

          if [ -z "$TOKEN" ] || [ "$TOKEN" == "null" ]; then
            echo "Error: Failed to retrieve access token"
            echo "Response Body: $HTTP_BODY"
            exit 1
          fi

          echo "Access token retrieved successfully."

          # Use GitHub CLI to update the secret
          echo $TOKEN | gh secret set BEARER_TOKEN --repo ${{ github.repository }}

You can then use this updated token directly in your .upptimerc.yml configuration:

sites:
  - name: API Bearer OAuth 2.0
    url: $URL
    headers:
      - "Authorization: Bearer $BEARER_TOKEN"

This workflow will ensure your token is refreshed periodically and applied where needed. Hope this helps until we see this feature natively supported! 😊