The client credentials can be used as an authorization grant when the client is the resource owner, or when the authorization scope is limited to protected resources under the control of the client.
The client requests an access token only with the help of client credentials.
The client credentials authorization flow is used to acquire access token to authorize API requests.
Using client credentials authorization, access token which is acquired, only grants permission for your client application to search and get catalog documents.
The following figure depicts the Client Credentials Flow.
The flow illustrated in the above figure consists of the following steps −
Step 1 − The client authenticates with the authorization server and makes a request for access token from the token endpoint.
Step 2 − The authorization server authenticates the client and provides access token if it's valid and authorized.
The following table lists the concepts of Client Credentials.
|Sr.No.||Concept & Description|
|1||Obtaining End-User Authorization
The authorization end point is typically URI on the authorization server in which the resource owner logs in and permits to access the data to the client application.
The authorization response can be used to get the access token for accessing the owner resources in the system using the authorization code.
|3||Error Response and Codes
The authorization server responds with a HTTP 400 or 401 (bad request) status codes, if an error occurs during authorization.