The simplest of all of the OAuth 2.0 grants, this grant is suitable for machine-to-machine authentication where a specific user’s permission to access data is not required.
The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user. This is typically used by clients to access resources about themselves rather than to access a user's resources.
The following is an example client credentials grant request the service would receive.
`POST https://app.com/token`
In some cases, applications may need an access token to act on behalf of themselves rather than a user. For example, the service may provide a way for the application to update its own information, such as its website URL or icon, or the application may wish to get statistics about the users of the app. In this case, applications need a way to get an access token for their own account, outside the context of any specific user. OAuth provides the `client_credentials` grant type for this purpose.
Name | Type | Description |
---|---|---|
Authorization | String | The client needs to authenticate itself for this request. Typically the service will allow either the additional request parameters `client_id` and `client_secret`, or accept the client ID and secret in the HTTP Basic auth header. |
grant_type* | String | This parameter must be set to `client_credentials`. |
scope | String | The service supports different scopes for the client credentials grant. In practice, not many services actually support this. |
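
One way a service could validate the request described above, accepting the client ID and secret from either the HTTP Basic auth header or the request body. This is an added example, not code from the original page; the client registry, secret, scope names and the `handle_token_request` helper are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import unquote_plus

# Constructed client registry: client_id -> (SHA-256 of secret, allowed scopes).
CLIENTS = {
    "stats-worker": (hashlib.sha256(b"s3cr3t-example").hexdigest(),
                     {"stats:read", "profile:write"}),
}

def _client_credentials(headers, form):
    """Return (client_id, client_secret) from Basic auth or body parameters."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        try:
            raw = base64.b64decode(auth[6:], validate=True).decode()
        except ValueError:  # malformed Base64 or non-UTF-8 bytes
            return None, None
        user, _, password = raw.partition(":")
        # RFC 6749 section 2.3.1: both values are form-urlencoded before Base64.
        return unquote_plus(user), unquote_plus(password)
    return form.get("client_id"), form.get("client_secret")

def handle_token_request(headers, form):
    """Validate a client credentials request; return (HTTP status, JSON body)."""
    grant = form.get("grant_type")
    if grant is None:
        return 400, {"error": "invalid_request"}
    if grant != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    client_id, secret = _client_credentials(headers, form)
    record = CLIENTS.get(client_id)
    supplied = hashlib.sha256((secret or "").encode()).hexdigest()
    # Unknown clients are compared against a dummy digest so both paths do the
    # same work; the comparison itself is constant-time.
    expected = record[0] if record else "0" * 64
    if not hmac.compare_digest(supplied, expected) or record is None:
        return 401, {"error": "invalid_client"}
    allowed = record[1]
    # With no scope parameter, fall back to everything registered for the client.
    requested = set(form["scope"].split()) if form.get("scope") else allowed
    if not requested <= allowed:
        return 400, {"error": "invalid_scope"}
    # No refresh token: the client can simply authenticate again.
    return 200, {
        "access_token": secrets.token_urlsafe(32),
        "token_type": "Bearer",
        "expires_in": 3600,
        "scope": " ".join(sorted(requested)),
    }
```
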