Client Credentials
The client credentials grant type is a flow where no user interaction is involved. The flow is used for server-to-server requests. The only parameters that are needed are client_id and client_secret.
The Client Credentials flow according to the OAuth 2.0 specification:
+---------+                                  +---------------+
|         |                                  |               |
|         |>--(A)- Client Authentication --->| Authorization |
| Client  |                                  |     Server    |
|         |<--(B)---- Access Token ---------<|               |
|         |                                  |               |
+---------+                                  +---------------+
The Client (the application) sends a request to the Token endpoint of the OAuth 2.0 server. The OAuth 2.0 server validates the client’s credentials and, if verification is successful, issues an access token.
The following parameters are involved with the request:
- grant_type
MANDATORY. Value “client_credentials”.
- scope
MANDATORY (not mandatory according to the OAuth 2.0 specification, but necessary for Quasydoc).
- client_id
MANDATORY. Id of the application (defined by Quasydoc).
- client_secret
MANDATORY. Secret code of the application (defined by Quasydoc).
The client_id and client_secret can be sent in one of the following ways:
- Via POST parameters
parameters ‘client_id’ and ‘client_secret’
- Via the HTTP Authorization request-header field
with the base64 encoded value of the client_id and client_secret separated by a single colon.
e.g. (pseudo code)
Authorization: Basic *base64(client_id+':'+client_secret)*
e.g.
Authorization: Basic aWQ6c2VjcmV0
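The token request described above, built both ways (credentials in the Authorization header, or as POST parameters), as an added example that is not Quasydoc's own code. The token endpoint URL and the scope value are placeholders, since this page does not give them; the requests are constructed but not sent.

```python
import base64
import urllib.parse
import urllib.request

# Placeholders (assumptions): this page gives neither the token endpoint nor scope names.
TOKEN_URL = "https://auth.example.invalid/token"
SCOPE = "example_scope"


def basic_header(client_id: str, client_secret: str) -> str:
    """Return 'Basic ' + base64(client_id + ':' + client_secret)."""
    if ":" in client_id:
        # The first colon separates id from secret, so an id containing one is ambiguous.
        raise ValueError("client_id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def token_request(client_id: str, client_secret: str, use_header: bool = True):
    """Build (without sending) the POST request for the token endpoint."""
    form = {"grant_type": "client_credentials", "scope": SCOPE}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if use_header:
        # Option 2 on this page: HTTP Authorization request-header field.
        headers["Authorization"] = basic_header(client_id, client_secret)
    else:
        # Option 1 on this page: client_id and client_secret as POST parameters.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample credentials "id" / "secret", matching the header shown above.
    for use_header in (True, False):
        req = token_request("id", "secret", use_header)
        print(req.get_method(), req.full_url)
        print("  Authorization:", req.get_header("Authorization"))
        print("  body:", req.data.decode("ascii"))
```

Pass the returned object to urllib.request.urlopen() over HTTPS to actually send it; base64 is an encoding, not encryption, so the secret is only protected by the transport.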