Client Credentials Grant Type

Use this grant type when authorization scope is limited to the protected resources under the control of the client or to protected resources registered with the OAuth Authorization Server.

The following diagram displays the Client Credentials Grant Type flow.

[Diagram: Client Credentials Grant Type flow]

In this OAuth flow:

  1. A client-initiated event (for example, a scheduled background update for an app on your mobile device) requests access to a protected resource from an OAuth client application.

  2. The client application presents its own credentials to obtain an access token and often a refresh token. This access token is either associated with the client's own resources, and not a particular resource owner, or is associated with a resource owner for whom the client application is otherwise authorized to act.

  3. Oracle Identity Cloud Service Authorization Server returns the access token to the client application.

  4. The client application uses the access token in an API call to update the app on your device.
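The token request in steps 2 and 3, as an added example that is not Oracle's code: a local stub stands in for the authorization server so the exchange runs offline. The client ID, secret, scope, the `/oauth2/v1/token` path and the use of HTTP Basic for client authentication are assumptions not stated on this page.

```python
import base64, hmac, json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
# Constructed sample values; a real client loads its secret from a secret store.
CLIENT_ID, CLIENT_SECRET = "example-client-id", "example-client-secret"
TOKEN_PATH = "/oauth2/v1/token"  # assumed token endpoint path

def basic_auth(client_id, client_secret):
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

class StubAuthServer(BaseHTTPRequestHandler):
    """Local stand-in for the authorization server (steps 2 and 3)."""
    def log_message(self, *args): pass  # silence per-request logging

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        presented = self.headers.get("Authorization", "").encode()
        expected = basic_auth(CLIENT_ID, CLIENT_SECRET).encode()
        if self.path != TOKEN_PATH or not hmac.compare_digest(presented, expected):
            status, body = 401, {"error": "invalid_client"}
        elif form.get("grant_type") != ["client_credentials"]:
            status, body = 400, {"error": "unsupported_grant_type"}
        else:  # token is in the client's own context; no refresh token is issued
            status, body = 200, {"access_token": "constructed-token", "token_type": "Bearer"}
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

def request_token(base_url, client_id, client_secret,
                  grant="client_credentials", scope="example.scope"):
    """Step 2: the client authenticates as itself; no user credentials are sent."""
    form = urllib.parse.urlencode({"grant_type": grant, "scope": scope}).encode()
    req = urllib.request.Request(base_url + TOKEN_PATH, data=form, method="POST", headers={
        "Authorization": basic_auth(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded"})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 4xx responses carry a JSON error body
        return err.code, json.load(err)

def run_demo(secret=CLIENT_SECRET, grant="client_credentials"):
    with HTTPServer(("127.0.0.1", 0), StubAuthServer) as server:  # plain HTTP: local stub only
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return request_token(f"http://127.0.0.1:{server.server_port}", CLIENT_ID, secret, grant)
        finally:
            server.shutdown()
```

`run_demo()` returns the status and parsed JSON body; passing a wrong secret or a different grant type shows the stub's `invalid_client` and `unsupported_grant_type` rejections.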

| Function | Available |
| --- | --- |
| Requires client authentication | Yes |
| Requires client to have knowledge of user credentials | No |
| Browser-based end user interaction | No |
| Can use an external Identity Provider for authentication | No |
| Refresh token is allowed | No |
| Access token is in the context of the client application | Yes |

See Client Credentials Grant Type authorization flow for an example flow.