feat: Improvements to OAuth2-related user interface

[pietrygamat]

Description

Redesign of OAuth2 UI. Shows tokens and other information obtained from Authorization Server in separate (rudimentary) part of UI, decoupling them from information coming from actual user request. With this change it is now possible to inherit OAuth2 configuration from collection level.

This PR is a continuation of work started in #2061 where caching of access token was first implemented (currently pending review).

Request level view:

• Clicking Get Access Token (or simplly running the request) results in bruno executing correct flow.
• User may be prompted to provide password, depending on the grant type.
• After the request completes, the oauth2 credentials are stored and displayed in collapsible section at the bottom of the screen.
• Any subsequent requests witin the same collection will reuse them.
• Clearing cache resets everything back.

Collection level

• The same controls are added to collection level Auth configuration.
• Clicking Get Access Token on collection level results in executing authorization request and updating credentials.
• Inherit mode is now supported also when collection uses OAuth2.
  
  

Contribution Checklist:

• The pull request only addresses one issue or adds one feature.
• The pull request does not introduce any breaking changes
• I have added screenshots or gifs to help explain the change if applicable.
• I have read the contribution guidelines.
• Create an issue and link to the pull request.

resolves #1999
resolves #2074
resolves #1704
resolves #2494

[lizziemac]

really wonderful, I hope this gets merged soon! 🚀 I had just a couple UI thoughts in the meantime

[lizziemac]

Looks great, I'm not sure but it looks like one of your other PRs (implicit grant) snuck in here

[pietrygamat]

Looks great, I'm not sure but it looks like one of your other PRs (implicit grant) snuck in here

It's kind of on purpose - they build up on top of eachother - the implicit grant actually requires dropping the current approach of transforming user request into token request and automatically setting Bearer token instead. I hope to get some definitive feedback from @helloanoop @sanjai0py or other maintainers on wheter the feature is unwelcome, and if so, adjust the PRs accordingly, but having two (or actually three if counting #2164) conflicting PRs is something I want to avoid.

[dhanabal-thangavel-maersk]

Dear @helloanoop , When this PR will get merged as , this change is going to be fixing many issue of OAuth and Inheritance of OAuth

[helloanoop]

OAuth interface improvements is a priority for us in Sep 2024. I will share more updates on this soon.

[lizziemac]

Waiting on this and the other OAuth changes to introduce Bruno as a solution for my team, would love to see this soon 🙏🏻

[diogenesc]

Hoping that this redesign will be available soon. It's important to our team to adopt Bruno.

[fantpmas]

Any update on this?

[kevin-courbet]

For anyone looking for a workaround in the meantime, I'll post mine. Until they make it work the way it's supposed to do, this does it just fine.

• Collection Settings > Auth. Setup the OAuth 2.0 Client Credentials config there.
• Scripts tab, add to the Pre Request field:

var token = bru.getVar('oauth2_token')
if (token) {
  req.setHeader('Authorization', `Bearer ${token}`)
}

• Add to the Post Request field:

var token = res.body.access_token;
if (token) {
  bru.setVar('oauth2_token', token)
}

Set all the requests to use "No Auth".

Essentially what this does is that for each request in the collection, there will be a pre-request fired to get the bearer token via OAuth2 as configured in the collection settings, and save this to the "oauth2_token" Bruno variable. Then, for any request in the collection, there will be a pre request action to get the token in that "oauth2_token" variable and inject it into the "Authorization Bearer" header.

[helloanoop]

These improvements are now available in the experimental build here - https://github.com/usebruno/bruno-experimental-builds/releases/tag/oauth2-revamp-v1.39.0-2025.2.5
Documentation - https://docs.usebruno.com/auth/oauth2-experimental/overview

Goal is to have this released before the end of this month (Feb 2025)

[VictorioBerra]

Just tested.

I was able to create an OAuth 2 Client Credentials Auth at the Collection Level, and then inherit the auth via requests under the collections and it worked.

I can now clean up 10 other collections that all have a "Get Token" request that I have to click first to test things.

Thank you!