!!! Overview
[{$pagename}] ([CCG]) (or other forms of client authentication) can be used as an [Authorization Grant] when the authorization scope is limited to the protected resources under the control of the [OAuth Client], or to protected resources previously arranged with the [Authorization Server].  


[{$pagename}] (or Client Credentials Flow) is a server-to-server flow using a [Grant_type] of client_credentials.

There is no user [authentication] involved in the process. In fact there is no user at all; the resulting [Access_tokens] will not contain a user, but will instead contain the [Client_id] as subject (if not configured otherwise).

This flow is useful for systems that need to perform [API] operations when no user is present. These can be nightly operations or other jobs that involve contacting OAuth-protected APIs.

Since there is no user authorization, the flow only interacts with the Token endpoint.


[OAuth Client] credentials are used as an [Authorization Grant] typically when the client is acting on its own behalf (the client is also the [Resource Owner]) or is requesting access to protected resources based on an authorization previously arranged with the [Authorization Server].

The [Client] sends the following [Authorization Request Parameters] as an [HTTP POST] to the [Token_endpoint]:
* client_id
* client_secret
* grant_type: client_credentials
* scope: Space separated string of scopes

With [{$pagename}], no [Refresh_token] is issued. The client can make the same call again to obtain a new access token.
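
The token request and the re-request on expiry described above, as an added example that is not part of the original page or its references. The class name, the injected {{post}} transport (form body in, parsed JSON out) and all sample values are assumptions made for illustration.

```python
import time
from urllib.parse import urlencode


class ClientCredentialsTokenSource:
    """Caches the access token and re-runs the grant once it is about to expire."""

    def __init__(self, post, client_id, client_secret, scopes,
                 clock=time.monotonic, skew=30):
        self._post = post              # hypothetical transport: form body (str) -> parsed JSON dict
        self._client_id = client_id
        self._client_secret = client_secret
        self._scopes = list(scopes)
        self._clock = clock
        self._skew = skew              # seconds of safety margin before expiry
        self._token = None
        self._expires_at = 0.0

    def build_body(self):
        # The four parameters listed above; scope is a single space-separated string.
        return urlencode({
            "grant_type": "client_credentials",
            "client_id": self._client_id,
            "client_secret": self._client_secret,
            "scope": " ".join(self._scopes),
        })

    def token(self):
        if self._token is not None and self._clock() < self._expires_at:
            return self._token
        resp = self._post(self.build_body())
        if "access_token" not in resp:
            # Report only the error code, never the request body (it holds the secret).
            raise RuntimeError("token request failed: %s" % resp.get("error", "unknown"))
        # No refresh token to keep: on expiry the same request is simply sent again.
        self._token = resp["access_token"]
        lifetime = int(resp.get("expires_in", 0))
        self._expires_at = self._clock() + max(0, lifetime - self._skew)
        return self._token


def demo():
    # Constructed stand-in for the token endpoint; values are sample data.
    issued = []
    def fake_post(body):
        issued.append(body)
        return {"access_token": "tok-%d" % len(issued), "token_type": "Bearer", "expires_in": 300}
    src = ClientCredentialsTokenSource(fake_post, "nightly-job", "constructed-secret", ["reports.read"])
    return src.token(), src.token(), len(issued)
```

A response without {{expires_in}} is treated as already expired, so the next call requests a fresh token rather than reusing one of unknown lifetime.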


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [RFC 6749 Client Credentials|https://tools.ietf.org/html/rfc6749#section-1.3.4|target='_blank'] - based on data observed:2015-05-18
* [#2] - [OAuth Client Credentials Flow|https://curity.io/resources/learn/oauth-client-credentials-flow/|target='_blank'] - based on information obtained 2022-02-15