In order to store the "access_token" value in a field, you have to separate the Authentication from the Workflow, this will result in 2 different filters (or 1 filter with 2 Set Fields):

- First filter will retrieve the OAuth2 token and map the access_token in a form field.
- Second filter will be configured with the workflow for CRUD operations and a Custom header called "Authorization" pointing to the previous "access_token" value.

--- Steps ---
1.- Getting the token and map the access_token in a form field:
- In the "URI, Path and Query Params" section, you will construct the Token Endpoint + the OAuth2 details. For example:
https://<token_endpoint>oauth2/token/?grant_type=client_credentials&username=test_user&password=test_password&client_secret=dGVzdF9zZXJ2aWNlOnByb2Q=aWNlOnByb2Q-&client_id=dGVzdF9zZXJ2aWNlOnByb2Q=&scope=test.read

- The "Authentication" section will be configured as "NOAUTH".

- Add the following Keys into the "Custom Header" section:
Content-Type: application/x-www-form-urlencoded
Authorization: Basic dGVzdF91c2VyOnRlc3RfcGFzc3dvcmQ=

Note:
The "Authorization" value will be the Client ID + Client Secret in Base64 form.

- Map the values that you need from the JSON response, such as "access_token" or "expires_in" values in the form fields:

(In this example, i'm saving this into the "Short Description" field.)

In a typical JSON response, you will receive something like this:
{"access_token":"eyJraWQiOiJkNmYyGGAYUSMMDddsdUtOGJhMy00NjI2YzYxNzNiMjAiLCJhbGciOiJSUzI1NiJ9.eyJeyUOlJDLLoiuBR1Y3Rpdm8iLCJhdWQiOiJjbWRiX3Byb2R1Y3Rpdm8iLCJuYmYiOjE3MjEzMDkzMzMsIlRlc3QiOiJUZXN0IEFjY2VzcyBUb2tlbiIsInNjb3BlIjpbImNtZGIucmVhZCJdLCASSHDFF1LjE4NC4xNTA6ODA4MC9hdXRoLXNlcnZlciIsImV4cCI6MTcyMTMxMTEzMywiaWF0IjoxNzIxMzA5MzMzLCJ1c2VyIjwiYXV0aG9yaXRpZXMiOltdfQ.srMdrguT5c6o_ilEQDM2Hy0dg53skPx2yAKKIwIyTdFwWumUpR3xhglFa7O3gdd9Hg2nZ-5k6Y64cGjj83yLXUjfes2fpencNKkmFBbD87PDus96jVI2-y5pSHOiCSUDoNeR7O5JgPot-eZgoC7TD4huHEgM6mnaQcqYVATi7xs","scope":"test.read","token_type":"Bearer","expires_in":1800}


2.- Use the "access_token" for next requests:
In a second filter, you will configure the regular workflow endpoints for creation, update or deletion, with the following characteristics:

- The "Authentication" section will be set as "NOAUTH"

- Add the previously stored "access_token" in the Custom Header section as follows:
Authorization: Bearer eyJraWQiOiJkNmYyGGAYUSMMDddsdUtOGJhMy00NjI2YzYxNzNiMjAiLCJhbGciOiJSUzI1NiJ9.eyJeyUOlJDLLoiuBR1Y3Rpdm8iLCJhdWQiOiJjbWRiX3Byb2R1Y3Rpdm8iLCJuYmYiOjE3MjEzMDkzMzMsIlRlc3QiOiJUZXN0IEFjY2VzcyBUb2tlbiIsInNjb3BlIjpbImNtZGIucmVhZCJdLCASSHDFF1LjE4NC4xNTA6ODA4MC9hdXRoLXNlcnZlciIsImV4cCI6MTcyMTMxMTEzMywiaWF0IjoxNzIxMzA5MzMzLCJ1c2VyIjwiYXV0aG9yaXRpZXMiOltdfQ.srMdrguT5c6o_ilEQDM2Hy0dg53skPx2yAKKIwIyTdFwWumUpR3xhglFa7O3gdd9Hg2nZ-5k6Y64cGjj83yLXUjfes2fpencNKkmFBbD87PDus96jVI2-y5pSHOiCSUDoNeR7O5JgPot-eZgoC7TD4huHEgM6mnaQcqYVATi7xs

or map the value:
Authorization: Bearer $access_token$

Important Note:
With this method, you will always rely on a 2nd Filter to obtain the access_token independently from the workflow. 

If you want to try the standard authentication flow, you can check the following documentation:
https://docs.bmc.com/docs/display/ars213/Calling+third-party+REST+APIs+in+a+Remedy+application#CallingthirdpartyRESTAPIsinaRemedyapplication-oauth