diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/OAuth2AuthProvider.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/OAuth2AuthProvider.java
index 058454dc..fa8a1d33 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/OAuth2AuthProvider.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/OAuth2AuthProvider.java
@@ -22,16 +22,17 @@
 import io.serverlessworkflow.impl.WorkflowApplication;
 import io.serverlessworkflow.impl.WorkflowContext;
 import io.serverlessworkflow.impl.WorkflowModel;
-import io.serverlessworkflow.impl.executors.http.oauth.JWT;
-import io.serverlessworkflow.impl.executors.http.oauth.OAuthRequestBuilder;
+import io.serverlessworkflow.impl.executors.http.auth.jwt.JWT;
+import io.serverlessworkflow.impl.executors.http.auth.requestbuilder.AuthRequestBuilder;
+import io.serverlessworkflow.impl.executors.http.auth.requestbuilder.OAuthRequestBuilder;
 import jakarta.ws.rs.client.Invocation;
 import jakarta.ws.rs.client.Invocation.Builder;
 
 public class OAuth2AuthProvider implements AuthProvider {
 
-  private OAuthRequestBuilder requestBuilder;
+  private AuthRequestBuilder requestBuilder;
 
-  private static final String BEARER_TOKEN = "%s %s";
+  private static final String BEARER_TOKEN = "Bearer %s";
 
   public OAuth2AuthProvider(
       WorkflowApplication application, Workflow workflow, OAuth2AuthenticationPolicy authPolicy) {
@@ -53,9 +54,6 @@ public Builder build(
   public void preRequest(
       Invocation.Builder builder, WorkflowContext workflow, TaskContext task, WorkflowModel model) {
     JWT jwt = requestBuilder.build(workflow, task, model).validateAndGet();
-    String type =
-        jwt.type().orElseThrow(() -> new IllegalStateException("Token type is not present"));
-    builder.header(
-        AuthProviderFactory.AUTH_HEADER_NAME, String.format(BEARER_TOKEN, type, jwt.token()));
+    builder.header(AuthProviderFactory.AUTH_HEADER_NAME, String.format(BEARER_TOKEN, jwt.token()));
   }
 }
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/OpenIdAuthProvider.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/OpenIdAuthProvider.java
index fcbc7273..824f707c 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/OpenIdAuthProvider.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/OpenIdAuthProvider.java
@@ -16,24 +16,49 @@
 package io.serverlessworkflow.impl.executors.http;
 
 import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy;
+import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicyConfiguration;
 import io.serverlessworkflow.api.types.Workflow;
 import io.serverlessworkflow.impl.TaskContext;
 import io.serverlessworkflow.impl.WorkflowApplication;
 import io.serverlessworkflow.impl.WorkflowContext;
 import io.serverlessworkflow.impl.WorkflowModel;
+import io.serverlessworkflow.impl.executors.http.auth.jwt.JWT;
+import io.serverlessworkflow.impl.executors.http.auth.requestbuilder.AuthRequestBuilder;
+import io.serverlessworkflow.impl.executors.http.auth.requestbuilder.OpenIdRequestBuilder;
+import jakarta.ws.rs.client.Invocation;
 import jakarta.ws.rs.client.Invocation.Builder;
 
 public class OpenIdAuthProvider implements AuthProvider {
 
+  private AuthRequestBuilder requestBuilder;
+
+  private static final String BEARER_TOKEN = "Bearer %s";
+
   public OpenIdAuthProvider(
-      WorkflowApplication app, Workflow workflow, OpenIdConnectAuthenticationPolicy authPolicy) {
-    throw new UnsupportedOperationException("OpenId auth not supported yet");
+      WorkflowApplication application,
+      Workflow workflow,
+      OpenIdConnectAuthenticationPolicy authPolicy) {
+    OpenIdConnectAuthenticationPolicyConfiguration configuration = authPolicy.getOidc();
+
+    if (configuration.getOpenIdConnectAuthenticationProperties() != null) {
+      this.requestBuilder =
+          new OpenIdRequestBuilder(
+              application, configuration.getOpenIdConnectAuthenticationProperties());
+    } else if (configuration.getOpenIdConnectAuthenticationPolicySecret() != null) {
+      throw new UnsupportedOperationException("Secrets are still not supported");
+    }
   }
 
   @Override
   public Builder build(
       Builder builder, WorkflowContext workflow, TaskContext task, WorkflowModel model) {
-    // TODO Auto-generated method stub
     return builder;
   }
+
+  @Override
+  public void preRequest(
+      Invocation.Builder builder, WorkflowContext workflow, TaskContext task, WorkflowModel model) {
+    JWT jwt = requestBuilder.build(workflow, task, model).validateAndGet();
+    builder.header(AuthProviderFactory.AUTH_HEADER_NAME, String.format(BEARER_TOKEN, jwt.token()));
+  }
 }
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/JWT.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/jwt/JWT.java
similarity index 94%
rename from impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/JWT.java
rename to impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/jwt/JWT.java
index 91da6737..b16664f3 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/JWT.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/jwt/JWT.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.serverlessworkflow.impl.executors.http.oauth;
+package io.serverlessworkflow.impl.executors.http.auth.jwt;
 
 import java.time.Instant;
 import java.util.List;
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/JWTConverter.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/jwt/JWTConverter.java
similarity index 93%
rename from impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/JWTConverter.java
rename to impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/jwt/JWTConverter.java
index 269436fb..c0a6cf27 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/JWTConverter.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/jwt/JWTConverter.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.serverlessworkflow.impl.executors.http.oauth;
+package io.serverlessworkflow.impl.executors.http.auth.jwt;
 
 public interface JWTConverter {
 
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/OAuthRequestBuilder.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/AbstractAuthRequestBuilder.java
similarity index 56%
rename from impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/OAuthRequestBuilder.java
rename to impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/AbstractAuthRequestBuilder.java
index 1a87e6f5..1925982f 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/OAuthRequestBuilder.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/AbstractAuthRequestBuilder.java
@@ -13,63 +13,50 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.serverlessworkflow.impl.executors.http.oauth;
+package io.serverlessworkflow.impl.executors.http.auth.requestbuilder;
 
 import static io.serverlessworkflow.api.types.OAuth2AuthenticationDataClient.ClientAuthentication.CLIENT_SECRET_POST;
 
 import io.serverlessworkflow.api.types.OAuth2AuthenticationData;
 import io.serverlessworkflow.api.types.OAuth2AuthenticationDataClient;
-import io.serverlessworkflow.api.types.OAuth2AuthenticationPropertiesEndpoints;
-import io.serverlessworkflow.api.types.Oauth2;
 import io.serverlessworkflow.impl.TaskContext;
 import io.serverlessworkflow.impl.WorkflowApplication;
 import io.serverlessworkflow.impl.WorkflowContext;
 import io.serverlessworkflow.impl.WorkflowModel;
-import java.net.URI;
 import java.util.Arrays;
 import java.util.List;
-import java.util.Map;
 import java.util.Objects;
+import java.util.function.Consumer;
 import java.util.stream.Collectors;
 
-public class OAuthRequestBuilder {
+abstract class AbstractAuthRequestBuilder implements AuthRequestBuilder {
 
-  private final Oauth2 oauth2;
+  protected final OAuth2AuthenticationData authenticationData;
 
-  private final OAuth2AuthenticationData authenticationData;
+  protected final WorkflowApplication application;
 
-  private final WorkflowApplication application;
+  private final List<Consumer<HttpRequestBuilder>> steps =
+      List.of(
+          this::requestEncoding,
+          this::authenticationURI,
+          this::audience,
+          this::scope,
+          this::authenticationMethod);
 
-  private List<String> issuers;
-
-  private final Map<String, String> defaults =
-      Map.of(
-          "endpoints.token", "oauth2/token",
-          "endpoints.revocation", "oauth2/revoke",
-          "endpoints.introspection", "oauth2/introspect");
-
-  public OAuthRequestBuilder(WorkflowApplication application, Oauth2 oauth2) {
-    this.oauth2 = oauth2;
-    this.authenticationData =
-        oauth2.getOAuth2ConnectAuthenticationProperties().getOAuth2AuthenticationData();
+  protected AbstractAuthRequestBuilder(
+      OAuth2AuthenticationData authenticationData, WorkflowApplication application) {
+    this.authenticationData = authenticationData;
     this.application = application;
   }
 
-  public AccessTokenProvider build(
-      WorkflowContext workflow, TaskContext task, WorkflowModel model) {
-    HttpRequestBuilder requestBuilder = new HttpRequestBuilder(application);
-
-    requestEncoding(requestBuilder);
-    authenticationURI(requestBuilder);
-    audience(requestBuilder);
-    scope(requestBuilder);
-    issuers();
-    authenticationMethod(requestBuilder);
-
-    return new AccessTokenProvider(requestBuilder.build(workflow, task, model), task, issuers);
+  protected void audience(HttpRequestBuilder requestBuilder) {
+    if (authenticationData.getAudiences() != null && !authenticationData.getAudiences().isEmpty()) {
+      String audiences = String.join(" ", authenticationData.getAudiences());
+      requestBuilder.addQueryParam("audience", audiences);
+    }
   }
 
-  private void authenticationMethod(HttpRequestBuilder requestBuilder) {
+  protected void authenticationMethod(HttpRequestBuilder requestBuilder) {
     switch (getClientAuthentication()) {
       case CLIENT_SECRET_BASIC:
         clientSecretBasic(requestBuilder);
@@ -83,11 +70,11 @@ private void authenticationMethod(HttpRequestBuilder requestBuilder) {
   }
 
   private void clientSecretBasic(HttpRequestBuilder requestBuilder) {
-    new ClientSecretBasic(oauth2).execute(requestBuilder);
+    new ClientSecretBasic(authenticationData).execute(requestBuilder);
   }
 
   private void clientSecretPost(HttpRequestBuilder requestBuilder) {
-    new ClientSecretPostStep(oauth2).execute(requestBuilder);
+    new ClientSecretPost(authenticationData).execute(requestBuilder);
   }
 
   private OAuth2AuthenticationDataClient.ClientAuthentication getClientAuthentication() {
@@ -98,23 +85,20 @@ private OAuth2AuthenticationDataClient.ClientAuthentication getClientAuthenticat
     return authenticationData.getClient().getAuthentication();
   }
 
-  private void issuers() {
-    issuers =
-        oauth2
-            .getOAuth2ConnectAuthenticationProperties()
-            .getOAuth2AuthenticationData()
-            .getIssuers();
+  @Override
+  public AccessTokenProvider build(
+      WorkflowContext workflow, TaskContext task, WorkflowModel model) {
+    HttpRequestBuilder requestBuilder = new HttpRequestBuilder(application);
+    steps.forEach(step -> step.accept(requestBuilder));
+    return new AccessTokenProvider(
+        requestBuilder.build(workflow, task, model), task, authenticationData.getIssuers());
   }
 
-  public void audience(HttpRequestBuilder requestBuilder) {
-    if (authenticationData.getAudiences() != null && !authenticationData.getAudiences().isEmpty()) {
-      String audiences = String.join(" ", authenticationData.getAudiences());
-      requestBuilder.addQueryParam("audience", audiences);
-    }
+  protected void scope(HttpRequestBuilder requestBuilder) {
+    scope(requestBuilder, authenticationData.getScopes());
   }
 
-  private void scope(HttpRequestBuilder requestBuilder) {
-    List<String> scopesList = authenticationData.getScopes();
+  protected void scope(HttpRequestBuilder requestBuilder, List<String> scopesList) {
     if (scopesList == null || scopesList.isEmpty()) {
       return;
     }
@@ -132,29 +116,7 @@ private void scope(HttpRequestBuilder requestBuilder) {
     }
   }
 
-  private void authenticationURI(HttpRequestBuilder requestBuilder) {
-    OAuth2AuthenticationPropertiesEndpoints endpoints =
-        oauth2
-            .getOAuth2ConnectAuthenticationProperties()
-            .getOAuth2ConnectAuthenticationProperties()
-            .getEndpoints();
-
-    String baseUri =
-        oauth2
-            .getOAuth2ConnectAuthenticationProperties()
-            .getOAuth2AuthenticationData()
-            .getAuthority()
-            .getLiteralUri()
-            .toString()
-            .replaceAll("/$", "");
-    String tokenPath = defaults.get("endpoints.token");
-    if (endpoints != null && endpoints.getToken() != null) {
-      tokenPath = endpoints.getToken().replaceAll("^/", "");
-    }
-    requestBuilder.withUri(URI.create(baseUri + "/" + tokenPath));
-  }
-
-  public void requestEncoding(HttpRequestBuilder requestBuilder) {
+  void requestEncoding(HttpRequestBuilder requestBuilder) {
     if (authenticationData.getRequest() != null
         && authenticationData.getRequest().getEncoding() != null) {
       requestBuilder.addHeader(
@@ -163,4 +125,6 @@ public void requestEncoding(HttpRequestBuilder requestBuilder) {
       requestBuilder.addHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
     }
   }
+
+  protected abstract void authenticationURI(HttpRequestBuilder requestBuilder);
 }
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/AccessTokenProvider.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/AccessTokenProvider.java
similarity index 90%
rename from impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/AccessTokenProvider.java
rename to impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/AccessTokenProvider.java
index 03df2400..aea3dbd5 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/AccessTokenProvider.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/AccessTokenProvider.java
@@ -13,9 +13,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.serverlessworkflow.impl.executors.http.oauth;
+package io.serverlessworkflow.impl.executors.http.auth.requestbuilder;
 
 import io.serverlessworkflow.impl.TaskContext;
+import io.serverlessworkflow.impl.executors.http.auth.jwt.JWT;
+import io.serverlessworkflow.impl.executors.http.auth.jwt.JWTConverter;
 import java.util.List;
 import java.util.Map;
 import java.util.ServiceLoader;
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/AuthRequestBuilder.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/AuthRequestBuilder.java
new file mode 100644
index 00000000..6fc808d3
--- /dev/null
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/AuthRequestBuilder.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2020-Present The Serverless Workflow Specification Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.serverlessworkflow.impl.executors.http.auth.requestbuilder;
+
+import io.serverlessworkflow.impl.TaskContext;
+import io.serverlessworkflow.impl.WorkflowContext;
+import io.serverlessworkflow.impl.WorkflowModel;
+
+public interface AuthRequestBuilder {
+
+  public AccessTokenProvider build(WorkflowContext workflow, TaskContext task, WorkflowModel model);
+}
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/ClientSecretBasic.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/ClientSecretBasic.java
similarity index 89%
rename from impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/ClientSecretBasic.java
rename to impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/ClientSecretBasic.java
index d18f2b04..95b09abb 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/ClientSecretBasic.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/ClientSecretBasic.java
@@ -13,26 +13,23 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.serverlessworkflow.impl.executors.http.oauth;
+package io.serverlessworkflow.impl.executors.http.auth.requestbuilder;
 
 import static io.serverlessworkflow.api.types.OAuth2AuthenticationData.OAuth2AuthenticationDataGrant.CLIENT_CREDENTIALS;
 import static io.serverlessworkflow.api.types.OAuth2AuthenticationData.OAuth2AuthenticationDataGrant.PASSWORD;
 
 import io.serverlessworkflow.api.types.OAuth2AuthenticationData;
-import io.serverlessworkflow.api.types.Oauth2;
 import java.util.Base64;
 
 class ClientSecretBasic {
 
-  private final Oauth2 oauth2;
+  private final OAuth2AuthenticationData authenticationData;
 
-  public ClientSecretBasic(Oauth2 oauth2) {
-    this.oauth2 = oauth2;
+  ClientSecretBasic(OAuth2AuthenticationData authenticationData) {
+    this.authenticationData = authenticationData;
   }
 
-  public void execute(HttpRequestBuilder requestBuilder) {
-    OAuth2AuthenticationData authenticationData =
-        oauth2.getOAuth2ConnectAuthenticationProperties().getOAuth2AuthenticationData();
+  void execute(HttpRequestBuilder requestBuilder) {
     if (authenticationData.getGrant().equals(PASSWORD)) {
       password(requestBuilder, authenticationData);
     } else if (authenticationData.getGrant().equals(CLIENT_CREDENTIALS)) {
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/ClientSecretPostStep.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/ClientSecretPost.java
similarity index 87%
rename from impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/ClientSecretPostStep.java
rename to impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/ClientSecretPost.java
index 2e89b5ea..21302e30 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/ClientSecretPostStep.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/ClientSecretPost.java
@@ -13,25 +13,21 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.serverlessworkflow.impl.executors.http.oauth;
+package io.serverlessworkflow.impl.executors.http.auth.requestbuilder;
 
 import static io.serverlessworkflow.api.types.OAuth2AuthenticationData.OAuth2AuthenticationDataGrant.CLIENT_CREDENTIALS;
 import static io.serverlessworkflow.api.types.OAuth2AuthenticationData.OAuth2AuthenticationDataGrant.PASSWORD;
 
 import io.serverlessworkflow.api.types.OAuth2AuthenticationData;
-import io.serverlessworkflow.api.types.Oauth2;
 
-class ClientSecretPostStep {
-  private final Oauth2 oauth2;
+class ClientSecretPost {
+  private final OAuth2AuthenticationData authenticationData;
 
-  public ClientSecretPostStep(Oauth2 oauth2) {
-    this.oauth2 = oauth2;
+  ClientSecretPost(OAuth2AuthenticationData authenticationData) {
+    this.authenticationData = authenticationData;
   }
 
-  public void execute(HttpRequestBuilder requestBuilder) {
-    OAuth2AuthenticationData authenticationData =
-        oauth2.getOAuth2ConnectAuthenticationProperties().getOAuth2AuthenticationData();
-
+  void execute(HttpRequestBuilder requestBuilder) {
     if (authenticationData.getGrant().equals(PASSWORD)) {
       password(requestBuilder, authenticationData);
     } else if (authenticationData.getGrant().equals(CLIENT_CREDENTIALS)) {
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/HttpRequestBuilder.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/HttpRequestBuilder.java
similarity index 98%
rename from impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/HttpRequestBuilder.java
rename to impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/HttpRequestBuilder.java
index 354b8ad0..544819c0 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/HttpRequestBuilder.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/HttpRequestBuilder.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.serverlessworkflow.impl.executors.http.oauth;
+package io.serverlessworkflow.impl.executors.http.auth.requestbuilder;
 
 import static io.serverlessworkflow.api.types.OAuth2TokenRequest.Oauth2TokenRequestEncoding;
 import static io.serverlessworkflow.api.types.OAuth2TokenRequest.Oauth2TokenRequestEncoding.APPLICATION_X_WWW_FORM_URLENCODED;
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/InvocationHolder.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/InvocationHolder.java
similarity index 94%
rename from impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/InvocationHolder.java
rename to impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/InvocationHolder.java
index 6655be8e..e1cca56e 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/InvocationHolder.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/InvocationHolder.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.serverlessworkflow.impl.executors.http.oauth;
+package io.serverlessworkflow.impl.executors.http.auth.requestbuilder;
 
 import jakarta.ws.rs.client.Client;
 import jakarta.ws.rs.core.Response;
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/OAuthRequestBuilder.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/OAuthRequestBuilder.java
new file mode 100644
index 00000000..2c557aad
--- /dev/null
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/OAuthRequestBuilder.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2020-Present The Serverless Workflow Specification Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.serverlessworkflow.impl.executors.http.auth.requestbuilder;
+
+import io.serverlessworkflow.api.types.OAuth2AuthenticationPropertiesEndpoints;
+import io.serverlessworkflow.api.types.Oauth2;
+import io.serverlessworkflow.impl.WorkflowApplication;
+import java.net.URI;
+import java.util.Map;
+
+public class OAuthRequestBuilder extends AbstractAuthRequestBuilder {
+
+  private final Oauth2 oauth2;
+
+  private final Map<String, String> defaults =
+      Map.of(
+          "endpoints.token", "oauth2/token",
+          "endpoints.revocation", "oauth2/revoke",
+          "endpoints.introspection", "oauth2/introspect");
+
+  public OAuthRequestBuilder(WorkflowApplication application, Oauth2 oauth2) {
+    super(
+        oauth2.getOAuth2ConnectAuthenticationProperties().getOAuth2AuthenticationData(),
+        application);
+    this.oauth2 = oauth2;
+  }
+
+  @Override
+  protected void authenticationURI(HttpRequestBuilder requestBuilder) {
+    OAuth2AuthenticationPropertiesEndpoints endpoints =
+        oauth2
+            .getOAuth2ConnectAuthenticationProperties()
+            .getOAuth2ConnectAuthenticationProperties()
+            .getEndpoints();
+
+    String baseUri =
+        authenticationData.getAuthority().getLiteralUri().toString().replaceAll("/$", "");
+    String tokenPath = defaults.get("endpoints.token");
+    if (endpoints != null && endpoints.getToken() != null) {
+      tokenPath = endpoints.getToken().replaceAll("^/", "");
+    }
+    requestBuilder.withUri(URI.create(baseUri + "/" + tokenPath));
+  }
+}
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/OpenIdRequestBuilder.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/OpenIdRequestBuilder.java
new file mode 100644
index 00000000..eb082f59
--- /dev/null
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/OpenIdRequestBuilder.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2020-Present The Serverless Workflow Specification Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.serverlessworkflow.impl.executors.http.auth.requestbuilder;
+
+import io.serverlessworkflow.api.types.OAuth2AuthenticationData;
+import io.serverlessworkflow.impl.WorkflowApplication;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+
+public class OpenIdRequestBuilder extends AbstractAuthRequestBuilder {
+
+  public OpenIdRequestBuilder(
+      WorkflowApplication application, OAuth2AuthenticationData autenthicationData) {
+    super(autenthicationData, application);
+  }
+
+  @Override
+  protected void authenticationURI(HttpRequestBuilder requestBuilder) {
+    String url = authenticationData.getAuthority().getLiteralUri().toString().replaceAll("/$", "");
+    requestBuilder.withUri(URI.create(url));
+  }
+
+  @Override
+  protected void scope(HttpRequestBuilder requestBuilder) {
+    List<String> scopesList = new ArrayList<>(authenticationData.getScopes());
+    scopesList.add("openid");
+    scope(requestBuilder, scopesList);
+  }
+}
diff --git a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/TokenResponseHandler.java b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/TokenResponseHandler.java
similarity index 95%
rename from impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/TokenResponseHandler.java
rename to impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/TokenResponseHandler.java
index a04998e8..2d64b7ec 100644
--- a/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/TokenResponseHandler.java
+++ b/impl/http/src/main/java/io/serverlessworkflow/impl/executors/http/auth/requestbuilder/TokenResponseHandler.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package io.serverlessworkflow.impl.executors.http.oauth;
+package io.serverlessworkflow.impl.executors.http.auth.requestbuilder;
 
 import io.serverlessworkflow.impl.TaskContext;
 import io.serverlessworkflow.impl.WorkflowError;
@@ -25,7 +25,7 @@
 import java.util.Map;
 import java.util.function.BiFunction;
 
-public class TokenResponseHandler
+class TokenResponseHandler
     implements BiFunction<InvocationHolder, TaskContext, Map<String, Object>> {
 
   @Override
diff --git a/impl/jwt-impl/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/jackson/JacksonJWTConverter.java b/impl/jwt-impl/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/jackson/JacksonJWTConverter.java
index 04babf62..c8aa5dde 100644
--- a/impl/jwt-impl/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/jackson/JacksonJWTConverter.java
+++ b/impl/jwt-impl/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/jackson/JacksonJWTConverter.java
@@ -16,8 +16,8 @@
 package io.serverlessworkflow.impl.executors.http.oauth.jackson;
 
 import com.fasterxml.jackson.core.type.TypeReference;
-import io.serverlessworkflow.impl.executors.http.oauth.JWT;
-import io.serverlessworkflow.impl.executors.http.oauth.JWTConverter;
+import io.serverlessworkflow.impl.executors.http.auth.jwt.JWT;
+import io.serverlessworkflow.impl.executors.http.auth.jwt.JWTConverter;
 import io.serverlessworkflow.impl.jackson.JsonUtils;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
diff --git a/impl/jwt-impl/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/jackson/JacksonJWTImpl.java b/impl/jwt-impl/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/jackson/JacksonJWTImpl.java
index 5d0c6486..33b772bd 100644
--- a/impl/jwt-impl/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/jackson/JacksonJWTImpl.java
+++ b/impl/jwt-impl/src/main/java/io/serverlessworkflow/impl/executors/http/oauth/jackson/JacksonJWTImpl.java
@@ -15,7 +15,7 @@
  */
 package io.serverlessworkflow.impl.executors.http.oauth.jackson;
 
-import io.serverlessworkflow.impl.executors.http.oauth.JWT;
+import io.serverlessworkflow.impl.executors.http.auth.jwt.JWT;
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.Collection;
diff --git a/impl/jwt-impl/src/main/resources/META-INF/services/io.serverlessworkflow.impl.executors.http.oauth.JWTConverter b/impl/jwt-impl/src/main/resources/META-INF/services/io.serverlessworkflow.impl.executors.http.auth.jwt.JWTConverter
similarity index 100%
rename from impl/jwt-impl/src/main/resources/META-INF/services/io.serverlessworkflow.impl.executors.http.oauth.JWTConverter
rename to impl/jwt-impl/src/main/resources/META-INF/services/io.serverlessworkflow.impl.executors.http.auth.jwt.JWTConverter
diff --git a/impl/jwt-impl/src/test/java/io/serverlessworkflow/impl/http/jwt/JacksonJWTImplTest.java b/impl/jwt-impl/src/test/java/io/serverlessworkflow/impl/http/jwt/JacksonJWTImplTest.java
index 103f48fd..08b39c6d 100644
--- a/impl/jwt-impl/src/test/java/io/serverlessworkflow/impl/http/jwt/JacksonJWTImplTest.java
+++ b/impl/jwt-impl/src/test/java/io/serverlessworkflow/impl/http/jwt/JacksonJWTImplTest.java
@@ -17,7 +17,7 @@
 
 import static org.junit.jupiter.api.Assertions.*;
 
-import io.serverlessworkflow.impl.executors.http.oauth.JWT;
+import io.serverlessworkflow.impl.executors.http.auth.jwt.JWT;
 import io.serverlessworkflow.impl.executors.http.oauth.jackson.JacksonJWTConverter;
 import java.time.Instant;
 import java.util.List;
@@ -30,7 +30,7 @@ public class JacksonJWTImplTest {
   private static String JWT_TOKEN =
       "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJTY1c4RGI5RThtSnlvTUNqZHVtek5VR21FcG9MYURDb19ralZkVHJ2NDdVIn0.eyJleHAiOjE3NTYxNDgyNTcsImlhdCI6MTc1NjE0Nzk1NywianRpIjoiOWU4YzZjMWItZDBmZS00NGNhLThlOTgtNzNkZTY4OTdjYzE4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDg4L3JlYWxtcy90ZXN0LXJlYWxtIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImExZDdlMWVlLTVmZjMtNDc3Yi1hMmRhLTNhNDZkYThlZmRkMSIsInR5cCI6IkJlYXJlciIsImF6cCI6InNlcnZlcmxlc3Mtd29ya2Zsb3ciLCJzZXNzaW9uX3N0YXRlIjoiNDdiYzIxZDEtYTMyYi00OGJlLWI2OWQtZDM5MjE5MjViZTlmIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwOi8vbG9jYWxob3N0OjgwODAiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImRlZmF1bHQtcm9sZXMtdGVzdC1yZWFsbSIsIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJzaWQiOiI0N2JjMjFkMS1hMzJiLTQ4YmUtYjY5ZC1kMzkyMTkyNWJlOWYiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJEbWl0cmlpIFRpa2hvbWlyb3YiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2ZXJsZXNzLXdvcmtmbG93LXRlc3QiLCJnaXZlbl9uYW1lIjoiRG1pdHJpaSIsImZhbWlseV9uYW1lIjoiVGlraG9taXJvdiIsImVtYWlsIjoiYW55QGV4YW1wbGUub3JnIn0.bY9DqVt5jPcfsY5-tL4JbXXptnyFBBLLKuViBH3xQBXpHSmtXKK78BjBdUOcCAg6SMatdQ4XK13RJJNPpjPDCkuBeLDMwsdCrzKcfaUWY7JCMfam4gIiC989m_S8y8jtJovDst8sjIkn95f5izuuiAxRYw69_IcY__cfBw7k0OhL7Y_YXCcwwz7l2yrbplmpLiakTTuzhbiCER5EPohguy9BkYG_u2RDUZg0Rvy3EzbyVhTQQyfKRFjoAxTa1Se484n2lXqgMn1JHTZLwrgXAjcMDVaktktLb_cn276ygAeuqPj7dOsQGEoLR-8enRz1eZKBPgO70LNqGkkkyHiyOA";
 
-  private static JacksonJWTConverter converter = new JacksonJWTConverter();
+  private static final JacksonJWTConverter converter = new JacksonJWTConverter();
 
   @Test
   void tokenRoundTrip() {
diff --git a/impl/test/src/test/java/io/serverlessworkflow/impl/test/OpenIDCHTTPWorkflowDefinitionTest.java b/impl/test/src/test/java/io/serverlessworkflow/impl/test/OpenIDCHTTPWorkflowDefinitionTest.java
new file mode 100644
index 00000000..f3e34f36
--- /dev/null
+++ b/impl/test/src/test/java/io/serverlessworkflow/impl/test/OpenIDCHTTPWorkflowDefinitionTest.java
@@ -0,0 +1,753 @@
+/*
+ * Copyright 2020-Present The Serverless Workflow Specification Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.serverlessworkflow.impl.test;
+
+import static io.serverlessworkflow.api.WorkflowReader.readWorkflowFromClasspath;
+import static io.serverlessworkflow.impl.test.OAuthHTTPWorkflowDefinitionTest.fakeAccessToken;
+import static org.junit.Assert.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.serverlessworkflow.api.types.Workflow;
+import io.serverlessworkflow.impl.WorkflowApplication;
+import java.io.IOException;
+import java.util.Map;
+import okhttp3.OkHttpClient;
+import okhttp3.mockwebserver.MockResponse;
+import okhttp3.mockwebserver.MockWebServer;
+import okhttp3.mockwebserver.RecordedRequest;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+public class OpenIDCHTTPWorkflowDefinitionTest {
+
+  private static final ObjectMapper MAPPER = new ObjectMapper();
+
+  private static final String RESPONSE =
+      """
+                  {
+                      "message": "Hello World"
+                  }
+                  """;
+
+  String TOKEN_RESPONSE_TEMPLATE =
+      """
+                  {
+                    "access_token": "%s",
+                    "token_type": "Bearer",
+                    "expires_in": 3600,
+                    "scope": "read write"
+                  }
+                  """;
+
+  private MockWebServer authServer;
+  private MockWebServer apiServer;
+  private OkHttpClient httpClient;
+  private String authBaseUrl;
+  private String apiBaseUrl;
+
+  @BeforeEach
+  void setUp() throws IOException {
+    authServer = new MockWebServer();
+    authServer.start(8888);
+    authBaseUrl = "http://localhost:8888";
+
+    apiServer = new MockWebServer();
+    apiServer.start(8881);
+    apiBaseUrl = "http://localhost:8881";
+
+    httpClient = new OkHttpClient();
+  }
+
+  @AfterEach
+  void tearDown() throws IOException {
+    authServer.shutdown();
+    apiServer.shutdown();
+  }
+
+  @Test
+  public void testOpenIDCClientSecretPostPasswordWorkflowExecution() throws Exception {
+
+    String jwt = fakeAccessToken();
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow = readWorkflowFromClasspath("openidcClientSecretPostPasswordHttpCall.yaml");
+    Map<String, Object> result;
+    System.err.println("START");
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(Map.of()).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/x-www-form-urlencoded", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+    assertTrue(tokenRequestBody.contains("grant_type=password"));
+    assertTrue(tokenRequestBody.contains("username=serverless-workflow-test"));
+    assertTrue(tokenRequestBody.contains("password=serverless-workflow-test"));
+    assertTrue(tokenRequestBody.contains("client_id=serverless-workflow"));
+    assertTrue(tokenRequestBody.contains("client_secret=D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+    assertTrue(tokenRequestBody.contains("scope=openid"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+
+  @Test
+  public void testOpenIDCClientSecretPostWithArgsWorkflowExecution() throws Exception {
+    String jwt = fakeAccessToken();
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow =
+        readWorkflowFromClasspath("openidcClientSecretPostPasswordAsArgHttpCall.yaml");
+    Map<String, Object> result;
+    Map<String, String> params =
+        Map.of(
+            "clientId", "serverless-workflow",
+            "clientSecret", "D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT",
+            "username", "serverless-workflow-test",
+            "password", "serverless-workflow-test");
+
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(params).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/x-www-form-urlencoded", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+    assertTrue(tokenRequestBody.contains("grant_type=password"));
+    assertTrue(tokenRequestBody.contains("username=serverless-workflow-test"));
+    assertTrue(tokenRequestBody.contains("password=serverless-workflow-test"));
+    assertTrue(tokenRequestBody.contains("client_id=serverless-workflow"));
+    assertTrue(tokenRequestBody.contains("client_secret=D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+
+  @Test
+  public void testOpenIDCClientSecretPostWithArgsAllGrantsWorkflowExecution() throws Exception {
+    String jwt = fakeAccessToken();
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow =
+        readWorkflowFromClasspath("openidcClientSecretPostPasswordAllGrantsHttpCall.yaml");
+    Map<String, Object> result;
+    Map<String, String> params =
+        Map.of(
+            "clientId", "serverless-workflow",
+            "clientSecret", "D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT",
+            "username", "serverless-workflow-test",
+            "password", "serverless-workflow-test");
+
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(params).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/x-www-form-urlencoded", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+    assertTrue(tokenRequestBody.contains("grant_type=password"));
+    assertTrue(tokenRequestBody.contains("username=serverless-workflow-test"));
+    assertTrue(tokenRequestBody.contains("password=serverless-workflow-test"));
+
+    assertTrue(
+        tokenRequestBody.contains(
+            "scope=pets%3Aread+pets%3Awrite+pets%3Adelete+pets%3Acreate+openid"));
+    assertTrue(
+        tokenRequestBody.contains("audience=serverless-workflow+another-audience+third-audience"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+
+    System.out.println("tokenRequestBody = \n" + tokenRequestBody);
+  }
+
+  @Test
+  public void testOpenIDCClientSecretPostClientCredentialsParamsWorkflowExecution()
+      throws Exception {
+    String jwt = fakeAccessToken();
+
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow =
+        readWorkflowFromClasspath("openidcClientSecretPostClientCredentialsParamsHttpCall.yaml");
+    Map<String, Object> result;
+    Map<String, String> params =
+        Map.of(
+            "clientId", "serverless-workflow",
+            "clientSecret", "D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT");
+
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(params).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/x-www-form-urlencoded", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+    assertTrue(tokenRequestBody.contains("grant_type=client_credentials"));
+    assertTrue(tokenRequestBody.contains("client_id=serverless-workflow"));
+    assertTrue(tokenRequestBody.contains("secret=D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+
+  @Test
+  public void testOpenIDCClientSecretPostClientCredentialsParamsNoEndpointWorkflowExecution()
+      throws Exception {
+    String jwt = fakeAccessToken();
+
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow =
+        readWorkflowFromClasspath(
+            "openidcClientSecretPostClientCredentialsParamsNoEndPointHttpCall.yaml");
+    Map<String, Object> result;
+    Map<String, String> params =
+        Map.of(
+            "clientId", "serverless-workflow",
+            "clientSecret", "D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT");
+
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(params).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("application/x-www-form-urlencoded", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+    assertTrue(tokenRequestBody.contains("grant_type=client_credentials"));
+    assertTrue(tokenRequestBody.contains("client_id=serverless-workflow"));
+    assertTrue(tokenRequestBody.contains("secret=D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+
+  @Test
+  public void testOpenIDCJSONPasswordWorkflowExecution() throws Exception {
+    String jwt = fakeAccessToken();
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow = readWorkflowFromClasspath("openidcJSONPasswordHttpCall.yaml");
+    Map<String, Object> result;
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(Map.of()).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/json", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+
+    Map<String, Object> asJson = MAPPER.readValue(tokenRequestBody, Map.class);
+    assertTrue(asJson.containsKey("grant_type") && asJson.get("grant_type").equals("password"));
+
+    assertTrue(
+        asJson.containsKey("client_id") && asJson.get("client_id").equals("serverless-workflow"));
+    assertTrue(
+        asJson.containsKey("client_secret")
+            && asJson.get("client_secret").equals("D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+
+    assertTrue(
+        asJson.containsKey("username")
+            && asJson.get("username").equals("serverless-workflow-test"));
+    assertTrue(
+        asJson.containsKey("password")
+            && asJson.get("password").equals("serverless-workflow-test"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+
+  @Test
+  public void testOpenIDCJSONWithArgsWorkflowExecution() throws Exception {
+    String jwt = fakeAccessToken();
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow = readWorkflowFromClasspath("openidcJSONPasswordAsArgHttpCall.yaml");
+    Map<String, Object> result;
+    Map<String, String> params =
+        Map.of(
+            "clientId", "serverless-workflow",
+            "clientSecret", "D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT",
+            "username", "serverless-workflow-test",
+            "password", "serverless-workflow-test");
+
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(params).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/json", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+
+    Map<String, Object> asJson = MAPPER.readValue(tokenRequestBody, Map.class);
+    assertTrue(asJson.containsKey("grant_type") && asJson.get("grant_type").equals("password"));
+    assertTrue(
+        asJson.containsKey("client_id") && asJson.get("client_id").equals("serverless-workflow"));
+    assertTrue(
+        asJson.containsKey("client_secret")
+            && asJson.get("client_secret").equals("D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+    assertTrue(
+        asJson.containsKey("username")
+            && asJson.get("username").equals("serverless-workflow-test"));
+    assertTrue(
+        asJson.containsKey("password")
+            && asJson.get("password").equals("serverless-workflow-test"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+
+  @Test
+  public void testOpenIDCJSONWithArgsNoEndPointWorkflowExecution() throws Exception {
+    String jwt = fakeAccessToken();
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow = readWorkflowFromClasspath("openidcJSONPasswordNoEndpointsHttpCall.yaml");
+    Map<String, Object> result;
+    Map<String, String> params =
+        Map.of(
+            "clientId", "serverless-workflow",
+            "clientSecret", "D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT",
+            "username", "serverless-workflow-test",
+            "password", "serverless-workflow-test");
+
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(params).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/json", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+    Map<String, Object> asJson = MAPPER.readValue(tokenRequestBody, Map.class);
+    assertTrue(asJson.containsKey("grant_type") && asJson.get("grant_type").equals("password"));
+    assertTrue(
+        asJson.containsKey("client_id") && asJson.get("client_id").equals("serverless-workflow"));
+    assertTrue(
+        asJson.containsKey("client_secret")
+            && asJson.get("client_secret").equals("D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+    assertTrue(
+        asJson.containsKey("username")
+            && asJson.get("username").equals("serverless-workflow-test"));
+    assertTrue(
+        asJson.containsKey("password")
+            && asJson.get("password").equals("serverless-workflow-test"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+
+  @Test
+  public void testOpenIDCJSONWithArgsAllGrantsWorkflowExecution() throws Exception {
+    String jwt = fakeAccessToken();
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow = readWorkflowFromClasspath("openidcJSONPasswordAllGrantsHttpCall.yaml");
+    Map<String, Object> result;
+    Map<String, String> params =
+        Map.of(
+            "clientId", "serverless-workflow",
+            "clientSecret", "D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT",
+            "username", "serverless-workflow-test",
+            "password", "serverless-workflow-test",
+            "openidScope", "openidScope",
+            "audience", "account");
+
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(params).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/json", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+
+    Map<String, Object> asJson = MAPPER.readValue(tokenRequestBody, Map.class);
+    assertTrue(asJson.containsKey("grant_type") && asJson.get("grant_type").equals("password"));
+    assertTrue(
+        asJson.containsKey("client_id") && asJson.get("client_id").equals("serverless-workflow"));
+    assertTrue(
+        asJson.containsKey("client_secret")
+            && asJson.get("client_secret").equals("D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+    assertTrue(
+        asJson.containsKey("username")
+            && asJson.get("username").equals("serverless-workflow-test"));
+    assertTrue(
+        asJson.containsKey("password")
+            && asJson.get("password").equals("serverless-workflow-test"));
+
+    assertTrue(
+        asJson.containsKey("scope")
+            && asJson.get("scope").equals("pets:read pets:write pets:delete pets:create openid"));
+
+    assertTrue(
+        asJson.containsKey("audience")
+            && asJson
+                .get("audience")
+                .equals("serverless-workflow another-audience third-audience"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+
+  @Test
+  public void testOpenIDCJSONClientCredentialsWorkflowExecution() throws Exception {
+    String jwt = fakeAccessToken();
+
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow = readWorkflowFromClasspath("openidcJSONClientCredentialsHttpCall.yaml");
+    Map<String, Object> result;
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(Map.of()).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/json", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+    Map<String, Object> asJson = MAPPER.readValue(tokenRequestBody, Map.class);
+    assertTrue(
+        asJson.containsKey("grant_type") && asJson.get("grant_type").equals("client_credentials"));
+    assertTrue(
+        asJson.containsKey("client_id") && asJson.get("client_id").equals("serverless-workflow"));
+    assertTrue(
+        asJson.containsKey("client_secret")
+            && asJson.get("client_secret").equals("D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+
+  @Test
+  public void testOpenIDCJSONClientCredentialsParamsWorkflowExecution() throws Exception {
+    String jwt = fakeAccessToken();
+
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow =
+        readWorkflowFromClasspath("openidcJSONClientCredentialsParamsHttpCall.yaml");
+    Map<String, Object> result;
+    Map<String, String> params =
+        Map.of(
+            "clientId", "serverless-workflow",
+            "clientSecret", "D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT");
+
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(params).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/json", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+    Map<String, Object> asJson = MAPPER.readValue(tokenRequestBody, Map.class);
+    assertTrue(
+        asJson.containsKey("grant_type") && asJson.get("grant_type").equals("client_credentials"));
+    assertTrue(
+        asJson.containsKey("client_id") && asJson.get("client_id").equals("serverless-workflow"));
+    assertTrue(
+        asJson.containsKey("client_secret")
+            && asJson.get("client_secret").equals("D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+
+  @Test
+  public void testOpenIDCJSONClientCredentialsParamsNoEndpointWorkflowExecution() throws Exception {
+    String jwt = fakeAccessToken();
+
+    String tokenResponse = TOKEN_RESPONSE_TEMPLATE.formatted(jwt);
+
+    authServer.enqueue(
+        new MockResponse()
+            .setBody(tokenResponse)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    apiServer.enqueue(
+        new MockResponse()
+            .setBody(RESPONSE)
+            .setHeader("Content-Type", "application/json")
+            .setResponseCode(200));
+
+    Workflow workflow =
+        readWorkflowFromClasspath("openidcJSONClientCredentialsParamsNoEndPointHttpCall.yaml");
+    Map<String, Object> result;
+    Map<String, String> params =
+        Map.of(
+            "clientId", "serverless-workflow",
+            "clientSecret", "D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT");
+
+    try (WorkflowApplication app = WorkflowApplication.builder().build()) {
+      result =
+          app.workflowDefinition(workflow).instance(params).start().get().asMap().orElseThrow();
+    }
+
+    assertTrue(result.containsKey("message"));
+    assertTrue(result.get("message").toString().contains("Hello World"));
+
+    RecordedRequest tokenRequest = authServer.takeRequest();
+    assertEquals("POST", tokenRequest.getMethod());
+    assertEquals("/realms/test-realm/protocol/openid-connect/token", tokenRequest.getPath());
+    assertEquals("application/json", tokenRequest.getHeader("Content-Type"));
+
+    String tokenRequestBody = tokenRequest.getBody().readUtf8();
+    Map<String, Object> asJson = MAPPER.readValue(tokenRequestBody, Map.class);
+    assertTrue(
+        asJson.containsKey("grant_type") && asJson.get("grant_type").equals("client_credentials"));
+    assertTrue(
+        asJson.containsKey("client_id") && asJson.get("client_id").equals("serverless-workflow"));
+    assertTrue(
+        asJson.containsKey("client_secret")
+            && asJson.get("client_secret").equals("D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT"));
+
+    RecordedRequest petRequest = apiServer.takeRequest();
+    assertEquals("GET", petRequest.getMethod());
+    assertEquals("/hello", petRequest.getPath());
+    assertEquals("Bearer " + jwt, petRequest.getHeader("Authorization"));
+  }
+}
diff --git a/impl/test/src/test/resources/openidcClientSecretPostClientCredentialsParamsHttpCall.yaml b/impl/test/src/test/resources/openidcClientSecretPostClientCredentialsParamsHttpCall.yaml
new file mode 100644
index 00000000..536f3331
--- /dev/null
+++ b/impl/test/src/test/resources/openidcClientSecretPostClientCredentialsParamsHttpCall.yaml
@@ -0,0 +1,23 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: client_credentials
+              request:
+                encoding: application/x-www-form-urlencoded
+              client:
+                id: ${ .clientId }
+                secret: ${ .clientSecret }
+              issuers:
+                - http://localhost:8888/realms/test-realm
diff --git a/impl/test/src/test/resources/openidcClientSecretPostClientCredentialsParamsNoEndPointHttpCall.yaml b/impl/test/src/test/resources/openidcClientSecretPostClientCredentialsParamsNoEndPointHttpCall.yaml
new file mode 100644
index 00000000..c4e068bb
--- /dev/null
+++ b/impl/test/src/test/resources/openidcClientSecretPostClientCredentialsParamsNoEndPointHttpCall.yaml
@@ -0,0 +1,21 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: client_credentials
+              client:
+                id: ${ .clientId }
+                secret: ${ .clientSecret }
+              issuers:
+                - http://localhost:8888/realms/test-realm
diff --git a/impl/test/src/test/resources/openidcClientSecretPostPasswordAllGrantsHttpCall.yaml b/impl/test/src/test/resources/openidcClientSecretPostPasswordAllGrantsHttpCall.yaml
new file mode 100644
index 00000000..468a0d3d
--- /dev/null
+++ b/impl/test/src/test/resources/openidcClientSecretPostPasswordAllGrantsHttpCall.yaml
@@ -0,0 +1,29 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: password
+              request:
+                encoding: application/x-www-form-urlencoded
+              client:
+                id: ${ .clientId }
+                secret: ${ .clientSecret }
+              username: ${ .username }
+              password: ${ .password }
+              scopes:
+                - pets:read
+                - pets:write
+                - pets:delete
+                - pets:create
+              audiences: [ serverless-workflow, another-audience, third-audience ]
\ No newline at end of file
diff --git a/impl/test/src/test/resources/openidcClientSecretPostPasswordAsArgHttpCall.yaml b/impl/test/src/test/resources/openidcClientSecretPostPasswordAsArgHttpCall.yaml
new file mode 100644
index 00000000..26d035f0
--- /dev/null
+++ b/impl/test/src/test/resources/openidcClientSecretPostPasswordAsArgHttpCall.yaml
@@ -0,0 +1,23 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: password
+              client:
+                id: ${ .clientId }
+                secret: ${ .clientSecret }
+              username: ${ .username }
+              password: ${ .password }
+              issuers:
+                - http://localhost:8888/realms/test-realm
diff --git a/impl/test/src/test/resources/openidcClientSecretPostPasswordHttpCall.yaml b/impl/test/src/test/resources/openidcClientSecretPostPasswordHttpCall.yaml
new file mode 100644
index 00000000..be49e5aa
--- /dev/null
+++ b/impl/test/src/test/resources/openidcClientSecretPostPasswordHttpCall.yaml
@@ -0,0 +1,21 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: password
+              client:
+                id: serverless-workflow
+                secret: D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT
+              username: serverless-workflow-test
+              password: serverless-workflow-test
diff --git a/impl/test/src/test/resources/openidcJSONClientCredentialsHttpCall.yaml b/impl/test/src/test/resources/openidcJSONClientCredentialsHttpCall.yaml
new file mode 100644
index 00000000..c36c53b8
--- /dev/null
+++ b/impl/test/src/test/resources/openidcJSONClientCredentialsHttpCall.yaml
@@ -0,0 +1,23 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: client_credentials
+              request:
+                encoding: application/json
+              client:
+                id: serverless-workflow
+                secret: D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT
+              issuers:
+                - http://localhost:8888/realms/test-realm
diff --git a/impl/test/src/test/resources/openidcJSONClientCredentialsParamsHttpCall.yaml b/impl/test/src/test/resources/openidcJSONClientCredentialsParamsHttpCall.yaml
new file mode 100644
index 00000000..cbcba38d
--- /dev/null
+++ b/impl/test/src/test/resources/openidcJSONClientCredentialsParamsHttpCall.yaml
@@ -0,0 +1,23 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: client_credentials
+              request:
+                encoding: application/json
+              client:
+                id: ${ .clientId }
+                secret: ${ .clientSecret }
+              issuers:
+                - http://localhost:8888/realms/test-realm
diff --git a/impl/test/src/test/resources/openidcJSONClientCredentialsParamsNoEndPointHttpCall.yaml b/impl/test/src/test/resources/openidcJSONClientCredentialsParamsNoEndPointHttpCall.yaml
new file mode 100644
index 00000000..cbcba38d
--- /dev/null
+++ b/impl/test/src/test/resources/openidcJSONClientCredentialsParamsNoEndPointHttpCall.yaml
@@ -0,0 +1,23 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: client_credentials
+              request:
+                encoding: application/json
+              client:
+                id: ${ .clientId }
+                secret: ${ .clientSecret }
+              issuers:
+                - http://localhost:8888/realms/test-realm
diff --git a/impl/test/src/test/resources/openidcJSONPasswordAllGrantsHttpCall.yaml b/impl/test/src/test/resources/openidcJSONPasswordAllGrantsHttpCall.yaml
new file mode 100644
index 00000000..ae36c8fc
--- /dev/null
+++ b/impl/test/src/test/resources/openidcJSONPasswordAllGrantsHttpCall.yaml
@@ -0,0 +1,29 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: password
+              request:
+                encoding: application/json
+              client:
+                id: ${ .clientId }
+                secret: ${ .clientSecret }
+              username: ${ .username }
+              password: ${ .password }
+              scopes:
+                - pets:read
+                - pets:write
+                - pets:delete
+                - pets:create
+              audiences: [ serverless-workflow, another-audience, third-audience ]
\ No newline at end of file
diff --git a/impl/test/src/test/resources/openidcJSONPasswordAsArgHttpCall.yaml b/impl/test/src/test/resources/openidcJSONPasswordAsArgHttpCall.yaml
new file mode 100644
index 00000000..477e232e
--- /dev/null
+++ b/impl/test/src/test/resources/openidcJSONPasswordAsArgHttpCall.yaml
@@ -0,0 +1,25 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: password
+              request:
+                encoding: application/json
+              client:
+                id: ${ .clientId }
+                secret: ${ .clientSecret }
+              username: ${ .username }
+              password: ${ .password }
+              issuers:
+                - http://localhost:8888/realms/test-realm
diff --git a/impl/test/src/test/resources/openidcJSONPasswordHttpCall.yaml b/impl/test/src/test/resources/openidcJSONPasswordHttpCall.yaml
new file mode 100644
index 00000000..e78e8b85
--- /dev/null
+++ b/impl/test/src/test/resources/openidcJSONPasswordHttpCall.yaml
@@ -0,0 +1,25 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: password
+              request:
+                encoding: application/json
+              client:
+                id: serverless-workflow
+                secret: D0ACXCUKOUrL5YL7j6RQWplMaSjPB8MT
+              username: serverless-workflow-test
+              password: serverless-workflow-test
+              issuers:
+                - http://localhost:8888/realms/test-realm
diff --git a/impl/test/src/test/resources/openidcJSONPasswordNoEndpointsHttpCall.yaml b/impl/test/src/test/resources/openidcJSONPasswordNoEndpointsHttpCall.yaml
new file mode 100644
index 00000000..1dd1ed87
--- /dev/null
+++ b/impl/test/src/test/resources/openidcJSONPasswordNoEndpointsHttpCall.yaml
@@ -0,0 +1,23 @@
+document:
+  dsl: '1.0.0-alpha5'
+  namespace: examples
+  name: oauth2-authentication
+  version: '0.1.0'
+do:
+  - getPet:
+      call: http
+      with:
+        method: get
+        endpoint:
+          uri: http://localhost:8881/hello
+          authentication:
+            oidc:
+              authority: http://localhost:8888/realms/test-realm/protocol/openid-connect/token
+              grant: password
+              request:
+                encoding: application/json
+              client:
+                id: ${ .clientId }
+                secret: ${ .clientSecret }
+              username: ${ .username }
+              password: ${ .password }