The webhook API in Sync Gateway does not support calling services that require OAuth2 authentication.
Typically, servers that receieve webhook events are stateless, and do one or more of the following to authenticate incoming webhook requests:
HTTP Basic Authentication
IP Whitelisting the source(s) of webhook requests
Mutual payload signing with a shared secret
Mutual TLS authentication
Sync Gateway supports HTTP Basic authentication for the webhooks, but does not do request signing or x.509/Mutual TLS authentication. You could implement IP Whitelisting on your side to further restrict.
You could write a microservice, that does the above basic authentication to recieve incoming webhooks, and then negotiates an OAuth2 session with another microservice.