# Interface: OAuth2ClientCredentialsAuthentication

Defined in: [types.ts:674](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L674)

Authenticate using the OAuth2 Client Credentials flow. You must specify the token exchange URL here as part of the pack definition. You'll provide the application's client ID and client secret when authenticating.

## Example

```
pack.setUserAuthentication({
  type: sdk.AuthenticationType.OAuth2ClientCredentials,
  // This URL comes from the API's developer documentation.
  tokenUrl: "https://api.example.com/token",
});
```

## Extends

- `BaseOAuthAuthentication`

## Properties

### credentialsLocation?

> `optional` **credentialsLocation**: [`TokenExchangeCredentialsLocation`](../../enumerations/TokenExchangeCredentialsLocation/)

Defined in: [types.ts:525](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L525)

When making the token exchange request, where to pass the client credentials (client ID and client secret). The default is [TokenExchangeCredentialsLocation#Automatic](../../enumerations/TokenExchangeCredentialsLocation/#automatic), which should work for most providers. Pick a more specific option if the provider invalidates authorization codes when there is an error in the token exchange.

#### Inherited from

`BaseOAuthAuthentication.credentialsLocation`

______________________________________________________________________

### endpointDomain?

> `optional` **endpointDomain**: `string`

Defined in: [types.ts:283](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L283)

When requiresEndpointUrl is set to true, this should be the root domain that all endpoints share. For example, this value would be "example.com" if specific endpoints looked like {custom-subdomain}.example.com.

For packs that make requests to multiple domains (uncommon), this should be the domain within [PackVersionDefinition.networkDomains](../PackVersionDefinition/#networkdomains) that this configuration applies to.

#### Inherited from

`BaseOAuthAuthentication.endpointDomain`

______________________________________________________________________

### getConnectionName?

> `optional` **getConnectionName**: [`MetadataFormula`](../../type-aliases/MetadataFormula/)

Defined in: [types.ts:251](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L251)

A function that is called when a user sets up a new account, that returns a name for the account to label that account in the UI. The user's credentials are applied to any fetcher requests that this function makes. Typically, this function makes an API call to an API's "who am I" endpoint and returns a username.

If omitted, or if the function returns an empty value, the account will be labeled with the creating user's Coda username.

#### Inherited from

`BaseOAuthAuthentication.getConnectionName`

______________________________________________________________________

### instructionsUrl?

> `optional` **instructionsUrl**: `string`

Defined in: [types.ts:266](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L266)

A link to a help article or other page with more instructions about how to set up an account for this pack.

#### Inherited from

`BaseOAuthAuthentication.instructionsUrl`

______________________________________________________________________

### nestedResponseKey?

> `optional` **nestedResponseKey**: `string`

Defined in: [types.ts:518](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L518)

In rare cases, OAuth providers send back access tokens nested inside another object in their authentication response.

#### Inherited from

`BaseOAuthAuthentication.nestedResponseKey`

______________________________________________________________________

### networkDomain?

> `optional` **networkDomain**: `string` | `string`[]

Defined in: [types.ts:297](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L297)

Which domain(s) should get auth credentials, when a pack is configured with multiple domains. Packs configured with only one domain or with requiresEndpointUrl set to true can omit this.

Using multiple authenticated network domains is uncommon and requires Superhuman approval.

#### Inherited from

`BaseOAuthAuthentication.networkDomain`

______________________________________________________________________

### postSetup?

> `optional` **postSetup**: [`SetEndpoint`](../SetEndpoint/)[]

Defined in: [types.ts:289](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L289)

One or more setup steps to run after the user has set up the account, before completing installation of the pack. This is not common.

#### Inherited from

`BaseOAuthAuthentication.postSetup`

______________________________________________________________________

### requiresEndpointUrl?

> `optional` **requiresEndpointUrl**: `boolean`

Defined in: [types.ts:274](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L274)

If true, indicates this pack has a specific endpoint domain for each account, that is used as the basis of HTTP requests. For example, API requests are made to .example.com rather than example.com. If true, the user will be prompted to provide their specific endpoint domain when creating a new account.

#### Inherited from

`BaseOAuthAuthentication.requiresEndpointUrl`

______________________________________________________________________

### scopeDelimiter?

> `optional` **scopeDelimiter**: `" "` | `","` | `";"`

Defined in: [types.ts:509](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L509)

The delimiter to use when joining [scopes](#scopes) when generating authorization URLs.

The OAuth2 standard is to use spaces to delimit scopes, and the platform will do that by default. If the API you are using requires a different delimiter, say a comma, specify it here.

#### Inherited from

`BaseOAuthAuthentication.scopeDelimiter`

______________________________________________________________________

### scopeParamName?

> `optional` **scopeParamName**: `string`

Defined in: [types.ts:502](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L502)

In rare cases, OAuth providers may want the permission scopes in a different query parameter than `scope`.

#### Inherited from

`BaseOAuthAuthentication.scopeParamName`

______________________________________________________________________

### scopes?

> `optional` **scopes**: `string`[]

Defined in: [types.ts:497](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L497)

Scopes that are required to use this pack.

Each API defines its own list of scopes, or none at all. You should consult the documentation for the API you are connecting to.

#### Inherited from

`BaseOAuthAuthentication.scopes`

______________________________________________________________________

### tokenPrefix?

> `optional` **tokenPrefix**: `string`

Defined in: [types.ts:533](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L533)

A custom prefix to be used when passing the access token in the HTTP Authorization header when making requests. Typically this prefix is `Bearer` which is what will be used if this value is omitted. However, some services require a different prefix. When sending authenticated requests, an HTTP header of the form `Authorization: <tokenPrefix> <token>` will be used.

#### Inherited from

`BaseOAuthAuthentication.tokenPrefix`

______________________________________________________________________

### tokenQueryParam?

> `optional` **tokenQueryParam**: `string`

Defined in: [types.ts:539](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L539)

In rare cases, OAuth providers ask that a token is passed as a URL parameter rather than an HTTP header. If so, this is the name of the URL query parameter that should contain the token.

#### Inherited from

`BaseOAuthAuthentication.tokenQueryParam`

______________________________________________________________________

### tokenUrl

> **tokenUrl**: `string`

Defined in: [types.ts:678](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L678)

The URL that the platform will hit in order to exchange credentials for an access token.

#### Overrides

`BaseOAuthAuthentication.tokenUrl`

______________________________________________________________________

### type

> **type**: [`OAuth2ClientCredentials`](../../enumerations/AuthenticationType/#oauth2clientcredentials)

Defined in: [types.ts:676](https://github.com/coda/packs-sdk/blob/b2b4c9dba5ca748bdbb94481cc13b5ca3c328ef6/types.ts#L676)

Identifies this as OAuth2 client credentials authentication.