Client Credential

The client does not need the credential of the user who uses the application. The client uses its own credential to get the data from the resource server. The OAuth server authenticates the client using the client ID and client secret of the client. For details of client credential flow, refer to section 4.4 of RFC 6749, "Client Credentials Grant", "The OAuth 2.0 Authorization Framework" found at the following location:

https://tools.ietf.org/html/draft-ietf-oauth-v2-31

The following is an example scenario of this flow:

  • A user uses an application that provides some data that the client has access to.
  • The application requests an access token using client credential flow before retrieving the data.

Refer to the following APIs: