...

Recommended use

This grant is suitable for machine-to-machine authentication or for a client making requests to an API that does not require the user’s permission. This grant should be allowed for use only by trusted clients.

 

The flow

 

The client can request an access token using only its client credentials with this grant type. It is similar to the resource owner password credentials grant type, except that in this case only the client’s credentials are used to authenticate a request for an access token.

...

This grant is suitable for machine-to-machine authentication or for a client making requests to an API that does not require the user’s permission. Again, this grant should be allowed for use only by trusted clients.

Support for refresh token grant - No

You can try the client credentials grant type with WSO2 Identity Server and the WSO2 OAuth2 Playground sample as described here.

The cURL commands below can be used to try this grant type.

Command:

curl -v -X POST -H "Authorization: Basic <base64 encoded client id:client secret value>" -k -d "grant_type=client_credentials" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

Command:

curl -u <client id>:<client secret> -k -d "grant_type=client_credentials" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

You will receive a response similar to the format below.

Response:

{"token_type":"Bearer","expires_in":2061,"access_token":"ca19a540f544777860e44e75f605d927"}
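The request and response above, expressed as client-side code. This is an added example, not part of the WSO2 documentation: it builds the same Authorization header and form body as the first cURL command, then validates the token response shown above. The function names, the sample credentials and the 30-second renewal margin are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlencode

TOKEN_ENDPOINT = "https://localhost:9443/oauth2/token"  # from the page's cURL commands
# Response body shown on the page, reused here as offline sample input.
SAMPLE_RESPONSE = ('{"token_type":"Bearer","expires_in":2061,'
                   '"access_token":"ca19a540f544777860e44e75f605d927"}')


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Value of the Authorization header: 'Basic ' + base64(client_id:client_secret)."""
    if not client_id or not client_secret:
        raise ValueError("client id and client secret are both required")
    if ":" in client_id:
        # Basic auth splits on the first ':', so such an id cannot be represented.
        raise ValueError("client id must not contain ':'")
    pair = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def build_token_request(client_id: str, client_secret: str):
    """Return (url, headers, body) equivalent to the first cURL command."""
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return TOKEN_ENDPOINT, headers, urlencode({"grant_type": "client_credentials"})


def parse_token_response(raw: str, now: float, skew: int = 30) -> dict:
    """Validate the token response and compute when to request a new token."""
    data = json.loads(raw)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    expires_in = data.get("expires_in")
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        raise ValueError("invalid expires_in")
    # No refresh token for this grant: near expiry, repeat the request.
    return {"access_token": token, "renew_at": now + expires_in - skew}


if __name__ == "__main__":
    # Constructed credentials, not real ones.
    print(build_token_request("sampleClientId", "sampleClientSecret"))
    print(parse_token_response(SAMPLE_RESPONSE, now=0.0))
```

The cURL commands above pass -k, which disables TLS certificate verification in cURL; a client that sends its secret to the token endpoint should verify the server certificate instead.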
Related Topics

  • See the Try Client Credentials Grant topic to try out a sample of the resource owner password credentials grant with WSO2 Identity Server and WSO2 OAuth2 Playground.