Client Credentials Flow
This grant allows a Client to directly authenticate itself with the authorization server using its own credentials, in this case Client ID and Client secret.
Do not use this flow in public applications such as your application's front-end as it involves using Client Secret which would result exposing it to public.
Make sure your Client has client_credentials
grant type enabled in Dashboard > Clients > Details > Grant Types
Request Body
For Client Credentials Grant this must be set to client_credentials
Value: client_credentials
Audience of to be generated access token.
NOTE: Make sure your client is granted access to use this audience from
Dashboard > Resources > [Your Resource] > Clients
Response Body Schema
access_tokenstringRequired
Access token value in JWT string
expires_innumberRequired
Access token's expiration in seconds
scopestring
Final scopes granted to access token as space separated strings.
token_typestring
Available Values: DPoP
Bearer