Client Credentials
The purpose of the Client Credentials flow is to acquire an Access Token, which can be added as a Bearer token to REST calls made to a Resource Server.
This flow must be used by machine-to-machine applications only. The app must be able to store a client secret in a safe place.
Your app sends a request to the Identity Cloud Token endpoint. The client_id and client_secret are used as credentials for Basic Authentication [1]:

POST /auth/oauth2/token HTTP/1.1
Authorization: Basic YTIwOTEwNTBjZmRkMTVjZTpjMDkxYTE1MWZmY2U5NjM1

grant_type=client_credentials&scope=yourscope1

If your app requests multiple scopes, they should be separated by an encoded space (%20).
Upon successful validation of client_id, client_secret, and the requested scopes, an access token in JWT format is returned [2]:
{
"access_token":"ey...",
"token_type":"Bearer",
"expires_in":3600
}
Your app can now use the received access token to call a resource server.
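The request construction and response handling described above, as an added Python example (not Identity Cloud's own code). The second scope name, the Content-Type header and the 30-second refresh margin are assumptions; the client_id and client_secret in the demo are the values the page's sample Authorization header decodes to.

```python
import base64
import time
from urllib.parse import quote


def basic_credentials(client_id, client_secret):
    """base64(<client_id>:<client_secret>), as in the page's footnote."""
    if ":" in client_id:
        # The first ':' separates id from secret, so an id containing one is ambiguous.
        raise ValueError("client_id must not contain ':'")
    return base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")


def build_token_request(client_id, client_secret, scopes):
    """Return (headers, body) for POST /auth/oauth2/token."""
    if not scopes:
        raise ValueError("at least one scope is required")
    headers = {
        "Authorization": "Basic " + basic_credentials(client_id, client_secret),
        # Standard OAuth 2.0 form encoding (RFC 6749); assumed, not shown on the page.
        "Content-Type": "application/x-www-form-urlencoded",
    }
    # Percent-encode each scope, then join with the encoded space.
    scope = "%20".join(quote(s, safe="") for s in scopes)
    return headers, "grant_type=client_credentials&scope=" + scope


def parse_token_response(payload, now=None, skew=30):
    """Validate the token response; return (Bearer headers, refresh-at time)."""
    if str(payload.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = payload.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    lifetime = int(payload["expires_in"])
    if lifetime <= 0:
        raise ValueError("invalid expires_in")
    now = time.time() if now is None else now
    # Refresh `skew` seconds early (assumed margin) so a token never expires mid-request.
    return {"Authorization": "Bearer " + token}, now + lifetime - skew


if __name__ == "__main__":
    # The page's sample header decodes to these values: Basic is reversible,
    # so the request needs TLS and the header must stay out of logs.
    cid, secret = "a2091050cfdd15ce", "c091a151ffce9635"
    print(build_token_request(cid, secret, ["yourscope1", "yourscope2"]))
    sample = {"access_token": "ey...", "token_type": "Bearer", "expires_in": 3600}
    print(parse_token_response(sample, now=0))
```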
[1] Calculated as: base64(<client_id>:<client_secret>)
[2] Line breaks have been added to make the response more readable.