In a perfect world I think mutli_auth would allow you to supply a custom HTTP::Client instance that would be set on the underlying OAuth2::Client instance. This would allow you to use a mock testing implementation client that keeps tracks of the incoming requests that let you later run assertions on them, and returns pre-configured responses, e.g. a response that returns a fake token.
However, mutli_auth does not currently support that out of the box, nor is there a built-in testing HTTP client. The closest you can get is probably GitHub - manastech/webmock.cr: Mock HTTP::Client, which should allow you to mock the request/response w/o touching any internals (as it does that for you).
Related: Redesign HTTP::Client to implement missing features · Issue #6011 · crystal-lang/crystal · GitHub
But yes, DI usually the answer when it comes to this kind of stuff, but it’s not all that common of a pattern in Ruby/Crystal it seems 
.
Related: [RFC] Standardized Abstractions & shameless plug.