We are setting up a Terraform CI/CD pipeline and need a stable authentication method for the genesyscloud provider. The standard PKCE flow requires a browser interaction, which obviously doesn’t work in a headless Jenkins agent.
I found the endpoint POST /api/v2/oauth/token with grant_type client_credentials. The documentation suggests this is for server-to-server communication. However, when I attempt to create a new application in the Genesys Cloud admin console and select “Confidential Client”, I don’t see an option to generate a long-lived static token. I only see the client secret.
Here is the curl command I am testing locally:
```
curl -X POST "https://api.mypurecloud.com/api/v2/oauth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=MY_CLIENT_ID&client_secret=MY_CLIENT_SECRET"
```
The response returns a 200 OK with an access token. The issue is the expires_in field is set to 3600. For a CI/CD pipeline that might run for several hours or have retries, this is problematic. I would rather not implement a token refresh loop in the Terraform wrapper script if possible.
Is there a way to generate a token that doesn’t expire, or is there a specific scope or configuration in the Application settings that allows for a longer TTL? I’ve checked the “Advanced” tab but nothing stands out. We need something that can be stored securely as a Jenkins credential and used directly without expiration logic.
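The token handling the post describes, as an added example that is not part of the original post: the client secret is what gets stored as the Jenkins credential, and a token is fetched on demand and reused until shortly before its `expires_in` runs out. The environment variable names, the 60-second margin and the `TokenCache` helper are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.mypurecloud.com/api/v2/oauth/token"  # endpoint from the post


def token_request_body(client_id, client_secret):
    """Form body for the client_credentials grant, percent-encoding the secret."""
    return urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()


def fetch_token(client_id, client_secret, url=TOKEN_URL):
    """POST the grant request and return the parsed JSON response."""
    req = urllib.request.Request(
        url, data=token_request_body(client_id, client_secret),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: reuse a token until `skew` seconds before expiry."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            resp = self._fetch()
            self._token = resp["access_token"]
            self._expires_at = now + float(resp["expires_in"])
        return self._token


if __name__ == "__main__":
    # Assumed variable names, e.g. injected by a Jenkins credentials binding.
    cid, secret = os.environ["GC_CLIENT_ID"], os.environ["GC_CLIENT_SECRET"]
    cache = TokenCache(lambda: fetch_token(cid, secret))
    token = cache.get()  # call cache.get() again before each later API call
    print("token acquired, length", len(token))  # never log the token itself
```

Reading the secret from the environment keeps it out of the process argument list, which the `-d` form of the curl command does not.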