From the course: Web Security: OAuth and OpenID Connect
Overview: Client Credential Flow - OAuth Tutorial
Overview: Client Credential Flow
- [Instructor] The next grant type or OAuth flow that we're going to cover is the easiest, the client credential flow. This is explicitly for authorizing a system to perform actions on another system. If you're familiar with service accounts that are supported by systems like Active Directory or potentially APIs like Salesforce or Google, you've already dealt with this concept. Unlike other grant types, this one does not involve a user, and that's where people struggle with it. Remember, it's never acting on behalf of a user, but on its own behalf. That also means you'll never use it for OpenID Connect. In terms of mechanics, this is what it looks like. My client application needs access to some protected resource. It makes a request to our authorization server using its client ID and client secret, which are effectively that application's username and password. The authorization server validates those credentials and…
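The exchange the instructor describes, written out as an added example that is not part of the course: the client sends its client ID and client secret (as HTTP Basic credentials, the usual form for a confidential client) with `grant_type=client_credentials` to the token endpoint, and the authorization server validates the secret and issues a bearer token. The client name `billing-batch`, its secret, the scopes and the salt are constructed for illustration; nothing here comes from the page. The server side stores only a hash of the secret, compares it in constant time, and refuses unknown clients, wrong secrets, other grant types and scopes the client was not registered for. Because no user is involved, the token carries the client's identity only; there is no refresh token and no ID token.

```python
"""Client credentials grant (RFC 6749 section 4.4), both sides in one file.

Added example with constructed client IDs, secrets and scopes; not code
from the course or from any real authorization server.
"""
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode

_SALT = b"constructed-salt"          # per-deployment salt; constructed value
_ITERATIONS = 100_000


def _hash_secret(secret: str, salt: bytes = _SALT) -> bytes:
    """Store only a slow hash of the client secret, never the secret itself."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, _ITERATIONS)


# Authorization server's registry of confidential clients (constructed data).
CLIENTS = {
    "billing-batch": {
        "secret_hash": _hash_secret("s3cr3t-batch"),
        "allowed_scopes": {"invoices:read", "invoices:write"},
    },
}
_DUMMY_HASH = _hash_secret("not-a-real-secret")   # used to keep timing uniform
ISSUED_TOKENS = {}                                # token -> metadata


def client_build_request(client_id: str, client_secret: str, scope: str) -> Tuple[dict, str]:
    """Client side: Basic auth carries the credentials, the form body the grant."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return headers, body


def _authenticate_client(headers: dict) -> Optional[str]:
    """Return the client_id if the Basic credentials match a registered client."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return None
    try:
        client_id, _, client_secret = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    client = CLIENTS.get(client_id)
    # Always hash and compare, even for unknown IDs, so response time does
    # not reveal which client IDs exist.
    expected = client["secret_hash"] if client else _DUMMY_HASH
    presented = _hash_secret(client_secret)
    if client is None or not hmac.compare_digest(expected, presented):
        return None
    return client_id


def token_endpoint(headers: dict, body: str) -> Tuple[int, dict]:
    """Authorization server side. Returns (HTTP status, JSON body)."""
    client_id = _authenticate_client(headers)
    if client_id is None:
        return 401, {"error": "invalid_client"}
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    allowed = CLIENTS[client_id]["allowed_scopes"]
    requested = set(form.get("scope", "").split()) or allowed
    if not requested <= allowed:
        return 400, {"error": "invalid_scope"}
    token = secrets.token_urlsafe(32)
    # The token represents the client itself: no user, so no refresh token
    # and no id_token are issued.
    ISSUED_TOKENS[token] = {"client_id": client_id, "scope": requested, "exp": time.time() + 3600}
    return 200, {
        "access_token": token,
        "token_type": "Bearer",
        "expires_in": 3600,
        "scope": " ".join(sorted(requested)),
    }


if __name__ == "__main__":
    hdrs, form_body = client_build_request("billing-batch", "s3cr3t-batch", "invoices:read")
    print(token_endpoint(hdrs, form_body))
```

In a real deployment the Basic header and form body travel over TLS to the token endpoint; the resource server then resolves the bearer token back to `ISSUED_TOKENS` (or a signed equivalent) and finds only a client ID and scopes, never a user subject.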