We’re trying to automate our org visioning with Terraform, but the standard client credentials grant keeps timing out. The pipeline runs about 40 minutes, and the token expires after 20. We can’t just refresh it in the middle of a terraform apply without breaking state or causing race conditions with resource dependencies.
We tried using a custom app with extended scopes, but the token lifetime is hard-capped. Is there a way to generate a long-lived token specifically for CI/CD, or do we need to implement a custom OAuth2 refresh logic in our build script before every step?
Here’s the current flow failing:
# Initial token fetch works fine
curl -X POST https://{{org}}.mypurecloud.com/oauth/token \
-H "content-type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id={{id}}&client_secret={{secret}}"
# 20 mins later, terraform plan fails with 401 Unauthorized
# Error: Request failed with status code 401
We don’t want to use a user-based password grant for security reasons. Any code examples for handling this refresh cycle in a bash wrapper or within the Terraform vider config itself?