Client Credentials Flow
The Client Credentials Flow (defined in OAuth 2.0 RFC 6749, section 4.4) involves an application exchanging its application credentials, such as client ID and client secret, for an access token.
This flow is best suited for Machine-to-Machine (M2M) applications, such as CLIs, daemons, or backend services, because the system must authenticate and authorize the application instead of a user.
How it works
1. The application sends its credentials to the Login 3.0 Authorization Server.
2. The Login 3.0 Authorization Server validates the application's credentials.
3. The Login 3.0 Authorization Server responds with an access token.
4. The application uses the access token to call an API on behalf of itself.
5. The API responds with the requested data.
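The five steps above, simulated end to end in one process. This is an added example, not Login 3.0 code. The client ID, secret, function names and in-memory stores are constructed for illustration, and it assumes the client authenticates with HTTP Basic as described in RFC 6749, section 2.3.1.

```python
import base64, hmac, json, secrets
from urllib.parse import urlencode, parse_qs, quote_plus, unquote_plus

# Constructed sample client registry; a real server stores only a hash of the secret.
CLIENTS = {"billing-daemon": "s3cr3t/with:colon"}
ISSUED = {}  # access token -> client_id, standing in for the server's token store

def build_token_request(client_id, client_secret, scope=None):
    """Step 1, client side: returns (headers, body) for a POST to the token endpoint."""
    # RFC 6749 section 2.3.1: form-urlencode id and secret before Basic encoding,
    # so a ':' inside the secret cannot be mistaken for the separator.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    params = {"grant_type": "client_credentials"}
    if scope:
        params["scope"] = scope
    return headers, urlencode(params)

def token_endpoint(headers, body):
    """Steps 2-3, server side: returns (status, json_body)."""
    form = parse_qs(body)
    if form.get("grant_type") != ["client_credentials"]:
        return 400, json.dumps({"error": "unsupported_grant_type"})
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    try:
        cid, _, csec = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        cid = csec = ""
    cid, csec = unquote_plus(cid), unquote_plus(csec)
    expected = CLIENTS.get(cid, "")
    # Constant-time comparison; unknown clients take the same path as wrong secrets.
    ok = hmac.compare_digest(csec.encode(), expected.encode())
    if scheme != "Basic" or not expected or not ok:
        return 401, json.dumps({"error": "invalid_client"})
    token = secrets.token_urlsafe(32)
    ISSUED[token] = cid
    # RFC 6749 section 4.4.3: no refresh token is issued for this grant.
    return 200, json.dumps({"access_token": token, "token_type": "Bearer", "expires_in": 3600})

def api_whoami(headers):
    """Steps 4-5: the API resolves the bearer token to the calling application."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return ISSUED.get(token) if scheme == "Bearer" else None
```

Because the token identifies the application rather than a user, the API's authorization decision rests entirely on which client was issued the token and what it was granted.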