From the course: Web Security: OAuth and OpenID Connect (2019)

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

When should I use this?

When should I use this?

From the course: Web Security: OAuth and OpenID Connect (2019)

Start my 1-month free trial

When should I use this?

- [Instructor] After all the user-oriented OAuth grant types, when does the Client Credential grant type make sense? It's important to understand that it only applies when there isn't a user involved, like for back-end APIs or microservices, which brings us back to the earlier question. If we have API keys, why does Client Credential even make sense? Or, maybe more fundamentally, why is it part of OAuth? Well, there are three key benefits. First, the Client Credential Flow allows the back-end systems to speak OAuth, so now we can build one interface, whether we're interacting with users or other services. Simplifying our systems is valuable and vitally important because now we don't have to have different logic paths, or have to figure out different business processes for each. That reduces risk. Next, you and your developers get all the benefits of using OAuth, including rotating credentials, granular permission via…

Contents