diff --git a/Cargo.toml b/Cargo.toml
index f32095c5a152f8332be6ff4f528a7d5eab1be2ac..cc641171e49f480b7cc21852c559ebe469d59e5a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,7 +19,7 @@ paste = "^0.1"
 libc = "^0.2.0"
 lazy_static = "^1.3.0"
 oauth2 = "^4.0.0"
-reqwest = "^0.11.3"
+reqwest = { version = "^0.11.3", features = ["json"] }
 config = "^0.11.0"
 serde = "^1.0.125"
 log = "^0.4.11"
diff --git a/src/nss.rs b/src/nss.rs
index 8b147d20bc6c868a3f0f5c0c19cad7d7dbc5aa24..dc66ed265c8eb5cfe1d06a8cf9a34b2b8b059717 100644
--- a/src/nss.rs
+++ b/src/nss.rs
@@ -21,8 +21,6 @@ use config::Config;
 
 use crate::logging::setup_log;
 
-use crate::oauth::get_access_token;
-
 use libnss::interop::Response;
 use libnss::passwd::{PasswdHooks, Passwd};
 
diff --git a/src/oauth.rs b/src/oauth.rs
index ebdd5f3efe4c6b8f52f39cd44098fca46f656c94..369664080ab4ea72dfc1b9bb43a1dcc234f6e117 100644
--- a/src/oauth.rs
+++ b/src/oauth.rs
@@ -28,6 +28,7 @@ use oauth2::{
     ResourceOwnerUsername,
     ResourceOwnerPassword,
     Scope,
+    TokenResponse,
     TokenUrl
 };
 use oauth2::basic::{
@@ -36,6 +37,9 @@ use oauth2::basic::{
 };
 use oauth2::reqwest::http_client;
 
+use serde::Deserialize;
+use reqwest;
+
 fn full_key(prefix: &str, key: &str) -> String {
     let parts = vec![prefix.to_string(), key.to_string()];
     let full_key = parts.join(".");
@@ -70,7 +74,7 @@ fn get_client<E: Copy>(conf: Config, prefix: &str, error_value: E) -> Result<Bas
     return Ok(client);
 }
 
-pub fn get_access_token<E: Copy>(conf: Config, prefix: &str, error_value: E, unauth_value: E) -> Result<BasicTokenResponse, E> {
+pub fn get_access_token_client<E: Copy>(conf: Config, prefix: &str, error_value: E, unauth_value: E) -> Result<BasicTokenResponse, E> {
     let scopes: Vec<String> = match get_optional(&conf, &full_key(prefix, "scopes")) {
         Some(v) => v,
         None => vec![]
@@ -129,7 +133,21 @@ pub fn get_access_token_password<E: Copy>(conf: Config, prefix: &str, username:
         }
 }
 
-fn do_json_request<E: Copy>(conf: Config, url: String, error_value: E, unauth_value: E) -> Result<String, E> {
-    let token = get_access_token(conf, "nss", error_value, unauth_value)?;
-    Ok("".to_string())
+fn get_data<T: for<'de> Deserialize<'de>, E>(conf: Config, token: BasicTokenResponse, endpoint: String, error_value: E) -> Result<T, E> {
+    let access_token = token.access_token().secret();
+
+    let client = reqwest::blocking::Client::new();
+    let res = match client
+        .get(endpoint)
+        .header(reqwest::header::AUTHORIZATION, format!("Bearer {}", access_token))
+        .send() {
+            Ok(r) => r,
+            Err(_) => return Err(error_value)
+        };
+
+    let data = match res.json() {
+        Ok(d) => d,
+        Err(_) => return Err(error_value)
+    };
+    return Ok(data);
 }