OAuthClient credentials flow
- 最終更新日2024/06/21
本ページのコンテンツは現在翻訳中であり、まもなく更新されます。更新まで今しばらくお待ちください。更新されるまでは、コンテンツは英語で表示されます。
OAuthClient credentials flow
This flow is typically used when the client application needs to access its own resources or perform actions on behalf of itself, rather than on behalf of a user. Example: A backend service might use the Client Credentials Flow to access an API to retrieve data or perform administrative tasks.
The Client Credentials Flow is a grant type in OAuth 2.0 used by confidential clients to obtain an access token. In this flow, the client directly requests an access token from the authorization server using its own credentials (client ID and client secret), rather than on behalf of a user.
- The client sends a request to the authorization server's token endpoint, including its client credentials (client ID and client secret) in the request body.
- The authorization server validates the client credentials.
- If the client credentials are valid, the authorization server issues an access token directly to the client.
- The client can then use this access token to access protected resources on the resource server.