1. Security Guide
  2. Client Credentials Grant Authentication Flow

Client Credentials Grant Authentication Flow

The client credentials grant flow represents an application that calls another application or service, without end user intervention. In this example, the client server application makes a call to the Siebel resource server to request business information. Since there is no end user intervention, the client is pre-authorized to have access to the resource. The following figure is an example of the Client Credentials Grant Authentication Flow.

The surrounding text describes the image.

The steps in this client credentials grant authentication flow process are as follows:

  1. The business client application makes a call to the Siebel Server to request some business information by passing an access token. Since there is no end user intervention, the client is pre-authorized to have access to the resource.
  2. The request is redirected to the OAuth server for authentication.
  3. The OAuth server returns an access token.
  4. The client server sends a request to the resource server. The request includes the access token in the HTTP header. Siebel Server looks for the USERID from the token to establish a Siebel Server session.
  5. The Siebel Server validates the access token with the OAuth server.
  6. If the access token is authorized by the OAuth server, then access is granted to the Siebel resource.
  7. The Siebel Server returns the requested resource.

Once the confidential application has been setup on the IDCS and AI profile has been setup with the clientID/client secret and the introspection URL for REST Inbound authentication and LDAP/SSO for the EAI object manager, the next step is to generate the bearer token and make sure that the token is generated successfully for use in our OAuth flow for the client credentials flow.

For token generation, any utility like Postman or Boomerang can be used. Below are the types of grants that are available which can be used.

  • Authorization Code
  • Implicit
  • Password Credentials
  • Client Credentials

In this document, we will be covering "Client Credentials" grant type using Postman to generate token and perform introspection and validation of the REST calls.

The REST API Inbound authentication using OAuth uses Client Credentials Grant Authentication Flow.