Overview of the client credentials grant

Figure 6 from RFC 6749

The steps are as follows:

  • A: The client authenticates with the service provider and requests an access token from the service provider's token endpoint.
  • B: The service provider authenticates the client, and if valid, issues an access token.

Authorization request and response

Because the client is requesting access on its own behalf, no further authorization is needed.

Access token request

The client makes a POST request to the service provider's token endpoint, passing in the following parameters, encoded using the application/x-www-form-urlencoded format as described in Appendix B of the specification: ...
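Steps A and B can be traced end to end with the sketch below, which is an added example and not code from the book or from any service provider. The parameter names (grant_type, scope), the HTTP Basic client authentication and the error codes are taken from RFC 6749 sections 2.3.1, 4.4.2 and 5.2; the client registration, function names and token lifetime are assumptions made for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode

# Constructed registration data: client id, secret and scope are placeholders.
CLIENTS = {"example-client": {"secret": "s3cr3t:with/odd chars", "scopes": {"reports.read"}}}

def build_token_request(client_id, client_secret, scope=None):
    """Step A (client): headers and body for the POST to the token endpoint."""
    # RFC 6749 section 2.3.1: form-encode id and secret, then apply HTTP Basic.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    params = {"grant_type": "client_credentials"}
    if scope:
        params["scope"] = scope
    return headers, urlencode(params)

def handle_token_request(headers, body):
    """Step B (service provider): returns (HTTP status, JSON-ready dict)."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    try:
        raw_id, _, raw_secret = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:
        raw_id = raw_secret = ""
    client = CLIENTS.get(unquote_plus(raw_id))
    expected = client["secret"] if client else secrets.token_hex(16)
    # Constant-time comparison; unknown clients are compared against a random value.
    secret_ok = hmac.compare_digest(unquote_plus(raw_secret).encode(), expected.encode())
    if scheme.lower() != "basic" or client is None or not secret_ok:
        return 401, {"error": "invalid_client"}
    form = parse_qs(body)
    grant = form.get("grant_type")
    if grant != ["client_credentials"]:
        code = "unsupported_grant_type" if grant and len(grant) == 1 else "invalid_request"
        return 400, {"error": code}
    requested = set(form.get("scope", [""])[0].split())
    if not requested <= client["scopes"]:
        return 400, {"error": "invalid_scope"}
    granted = requested or client["scopes"]
    # No refresh token is issued: the client can simply authenticate again.
    return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                 "expires_in": 3600, "scope": " ".join(sorted(granted))}
```

Because the secret is form-encoded before Basic encoding, a colon inside it cannot be mistaken for the id/secret separator when the provider splits the decoded header.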
