We’re trying to set up a CI/CD pipeline that runs terraform plan on pull requests and apply on merge. The workflow uses a service account with client credentials to authenticate against the Genesys Cloud provider. The plan step works fine locally but fails in the GitHub Action with a 403 Forbidden error when calling /api/v2/oauth/token. The error response says the client_id is invalid even though it’s pulled from the GitHub secret. I’ve checked the secret multiple times and it matches the one in the admin portal.
Here’s the relevant action step. The token request fails before terraform even starts. We’ve tried switching to auth code flow, but that requires user interaction, which breaks the automation. Is there a specific scope needed for the client credentials grant in the provider config? The provider block just has the environment set to us1.
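Added example, not part of the original post: a pre-flight check that a workflow step could run before Terraform to confirm that the credentials the runner actually received are non-empty and free of stray whitespace or line endings, without ever printing them. The variable names CLIENT_ID and CLIENT_SECRET and the UUID shape of the client ID are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Pre-flight check for OAuth client credentials injected from CI secrets.
# CLIENT_ID / CLIENT_SECRET are assumed names; map them from your own secrets.

# check_value VALUE -> 0 clean, 1 empty, 2 contains whitespace/control chars
check_value() {
  local v=$1
  [ -n "$v" ] || return 1
  case "$v" in
    *[[:space:]]*|*[[:cntrl:]]*) return 2 ;;
  esac
  return 0
}

# is_uuid VALUE -> 0 if 8-4-4-4-12 hex (assumed shape of the client ID)
is_uuid() {
  printf '%s' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# report NAME VALUE: prints a status and the length only, never the value
report() {
  local name=$1 value=$2 rc=0
  check_value "$value" || rc=$?
  case $rc in
    0) echo "$name: ok (length ${#value})" ;;
    1) echo "$name: empty or unset" ;;
    2) echo "$name: whitespace or control characters present (length ${#value})" ;;
  esac
  return $rc
}

# preflight: returns 0 only if both values are clean and the ID is UUID-shaped
preflight() {
  local rc=0
  report CLIENT_ID "${CLIENT_ID:-}" || rc=1
  report CLIENT_SECRET "${CLIENT_SECRET:-}" || rc=1
  if [ "$rc" -eq 0 ] && ! is_uuid "$CLIENT_ID"; then
    echo "CLIENT_ID: not UUID-shaped"
    rc=1
  fi
  return $rc
}

# In the workflow step, before terraform plan:  preflight || exit 1
```

Comparing the reported lengths between a local run and the CI run shows whether the runner sees the same value without exposing it in the job log.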