OAuth client credentials flow

This method is used when the client application needs to access its own resources or perform actions on behalf of itself, rather than on behalf of a user. Example: A backend service might use the Client Credentials Flow to access an API to retrieve data or to perform administrative tasks.

The Client Credentials Flow is a grant type in OAuth 2.0 used by confidential clients to obtain an access token. In this flow, the client directly requests an access token from the authorization server using its own credentials (client ID and client secret), rather than on behalf of a user.

  1. The client sends a request to the authorization server's token endpoint, including its client credentials (client ID and client secret) in the request body.
  2. The authorization server validates the client credentials.
  3. If the client credentials are valid, the authorization server issues an access token directly to the client.
  4. The client can then use this access token to access protected resources on the resource server.
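The four steps above, sketched as an added Python example (not part of the original page and not the product's own code). It models the authorization server and resource server in memory. The client ID, secret, URLs and the `audience` form parameter name are constructed for illustration.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlencode, parse_qs

# Constructed registry: client_id -> SHA-256 of the client secret,
# so the server side never keeps the secret in plaintext.
CLIENTS = {"svc-backend": hashlib.sha256(b"constructed-secret").hexdigest()}
TOKENS = {}          # access_token -> {"client_id", "aud", "exp"}
DUMMY = "0" * 64     # compared against when the client_id is unknown

def build_token_request(client_id, client_secret, audience=None):
    """Step 1: form-encoded body the client POSTs to the token endpoint."""
    params = {"grant_type": "client_credentials",
              "client_id": client_id, "client_secret": client_secret}
    if audience:
        params["audience"] = audience  # assumed parameter name
    return urlencode(params)

def token_endpoint(body):
    """Steps 2-3: validate the client credentials, then issue a token."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    stored = CLIENTS.get(form.get("client_id", ""), DUMMY)
    offered = hashlib.sha256(form.get("client_secret", "").encode()).hexdigest()
    # Constant-time compare; unknown client and wrong secret get the same error.
    if not hmac.compare_digest(stored, offered):
        return 401, {"error": "invalid_client"}
    token = secrets.token_urlsafe(32)
    TOKENS[token] = {"client_id": form["client_id"],
                     "aud": form.get("audience"), "exp": time.time() + 3600}
    return 200, {"access_token": token, "token_type": "Bearer",
                 "expires_in": 3600}

def resource_server(token, expected_audience, now=None):
    """Step 4: accept only unexpired tokens minted for this API."""
    now = time.time() if now is None else now
    record = TOKENS.get(token)
    if record is None or now >= record["exp"]:
        return 401
    if record["aud"] != expected_audience:
        return 403  # token was issued for a different consumer
    return 200
```

Because no user is involved, the client secret is the only credential protecting the token endpoint, which is why this grant type is limited to confidential clients that can store it securely.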

Procedure

  1. Complete steps 1-6 from the Create OAuth connection section.
  2. Select the grant type as Client Credentials Flow. This grant type is used to perform API operations when the user is not present and when the application can exchange the client ID and client secret directly for an access token. You can also use this grant type to access OAuth-protected APIs. As an authorized user, you can configure the Control Room managed OAuth connections to set the client credentials workflow.
  3. Complete steps 8-12 from the Create OAuth connection section.
  4. Optional: Enter Audience. The audience defines the intended consumer of the token. This field is enabled only if you have selected Client Credentials Flow as the grant type.
  5. Complete steps 13-18 to finish creating the OAuth connection using this grant type.