Client Credentials Flow

This grant allows a Client to directly authenticate itself with the authorization server using its own credentials, in this case Client ID and Client secret.

Do not use this flow in public applications such as your application's front-end as it involves using Client Secret which would result exposing it to public.
Make sure your Client has client_credentials grant type enabled in Dashboard > Clients > Details > Grant Types

Request Body

client_id
string
Zorunlu

Your client id.

client_secret
string
Zorunlu

Your client's secret.

grant_type
string
Zorunlu

For Client Credentials Grant this must be set to client_credentials

Değer: client_credentials

audience
string

Audience of to be generated access token.

NOTE: Make sure your client is granted access to use this audience from Dashboard > Resources > [Your Resource] > Clients

scope
string

Space separated permissions (scopes) list.

Make sure your client has access to the scopes for your resource from Dashboard > Resources > [Your Resource] > Clients.

POST
/oauth2/token
1
2
3
4
5
6
7
8
Loading...
Response:
200
Loading...

Response Body Schema

access_token
string
Zorunlu

Access token value in JWT string

expires_in
number
Zorunlu

Access token's expiration in seconds

scope
string

Final scopes granted to access token as space separated strings.

token_type
string

Mevcut Değerler: DPoPBearer