From the course: Web Security: OAuth and OpenID Connect (2019)
Overview: Client credential flow
- [Instructor] The next grant type that we'll cover is one of the easiest, the Client Credential Flow. Now, unlike other grant types, this one does not involve a user, and that's where people struggle with it. Remember, it's never acting on behalf of a user, but on its own behalf. In terms of mechanics, this is what it looks like. My client application needs access to a protected resource. It makes a request to the authorization server using its client ID and client secret, which are effectively that application's username and password. The authorization server validates those credentials and generates an access token. The client application then uses that access token to interact with a protected resource. Remember, though, the client ID and client secret are the application's credentials; there's no user involved in this grant type. Sounds weird, so let me give you a concrete example. Odds are you're already using API keys with…
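The exchange described in the transcript, as an added example that is not part of the course material: an in-memory simulation of the client, the authorization server's token endpoint and the protected resource. The client name, secret, function names and one-hour token lifetime are assumptions made for the illustration; the request shape follows RFC 6749 section 4.4.

```python
import base64, hmac, secrets, time
from urllib.parse import urlencode, parse_qs

# Constructed sample registration: client_id -> client_secret (hypothetical values).
CLIENTS = {"billing-service": "s3cr3t-constructed-for-demo"}
TOKENS = {}  # access_token -> (client_id, expiry_epoch)

def build_token_request(client_id, client_secret):
    """Client side: token request with the credentials in HTTP Basic auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode({"grant_type": "client_credentials"})

def token_endpoint(headers, body, now=None):
    """Authorization server side: validate the client, then mint a token."""
    now = time.time() if now is None else now
    if parse_qs(body).get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    try:
        client_id, _, secret = base64.b64decode(value).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        client_id, secret = "", ""
    expected = CLIENTS.get(client_id, "")
    # Constant-time comparison; unknown client and wrong secret get the same error.
    ok = hmac.compare_digest(secret.encode(), expected.encode())
    if scheme != "Basic" or not expected or not ok:
        return 401, {"error": "invalid_client"}
    token = secrets.token_urlsafe(32)
    TOKENS[token] = (client_id, now + 3600)
    return 200, {"access_token": token, "token_type": "Bearer", "expires_in": 3600}

def protected_resource(headers, now=None):
    """Resource server side: the token identifies the client, never a user."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    client_id, expiry = TOKENS.get(token, (None, 0))
    if scheme != "Bearer" or client_id is None or now >= expiry:
        return 401, {"error": "invalid_token"}
    return 200, {"caller": client_id, "user": None}
```

The `now` parameter exists only so token expiry can be exercised deterministically; a real deployment would also send all three legs over TLS.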