Client Credentials Grant Type
Use this grant type when authorization scope is limited to the protected resources under the control of the client or to protected resources registered with the OAuth Authorization Server.
The following diagram displays the Client Credentials Grant Type flow.
In this OAuth flow:
-
A client-initiated event (for example, a scheduled background update for an app on your mobile device) requests access to a protected resource from an OAuth client application.
-
The client application presents its own credentials to obtain an access token and often a refresh token. This access token is either associated with the client's own resources, and not a particular resource owner, or is associated with a resource owner for whom the client application is otherwise authorized to act.
-
Oracle Identity Cloud Service Authorization Server returns the access token to the client application.
-
The client application uses the access token in an API call to update the app on your device.
| Function | Available |
|---|---|
| Requires client authentication | Yes |
| Requires client to have knowledge of user credentials | No |
| Browser-based end user interaction | No |
| Can use an external Identity Provider for authentication | No |
| Refresh token is allowed | No |
| Access token is in the context of the client application | Yes |
See Client Credentials Grant Type authorization flow for an example flow.