Client Credentials

Client Credentials can be used as an authorization grant when the authorization scope is limited to the protected resources under the control of the client or to protected resources previously arranged with the authorization server. Typically, the client uses this grant when it requests access to protected resources based on an authorization previously arranged with the authorization server. Depending on your specific Partner configuration, or where there is only a notion of an "anonymous" user, the Client Credentials grant is used; it requires a valid client id/secret combination.

A partner can request an access token using only its client credentials when the client is requesting access to the protected resources under its control. For more information, refer to Client Credentials Grant.

Once an access token has been issued, the Userinfo endpoint may be called with the access_token to retrieve details about the User. For more information about /userinfo, refer to Userinfo Endpoint Information.

Sample Client Credentials Authorization Request:

POST {{url}}/oauth/token?
  client_id=someClientId
  &client_secret=someClientSecret
  &scope=PRIVOLOCK+TRUST
  &grant_type=client_credentials

Sample JSON Response:

{
  "access_token":"eyJhbGciOiJSUzIi.......3gZthv7Y",
  "token_type":"Bearer",
  "expires_in":599,
  "scope":"PRIVOLOCK TRUST"
}
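
The sample request above carries client_secret in the query string, and URLs are commonly recorded in server, proxy and client logs. The following added example (not part of the original documentation) builds the same grant with the credentials in an HTTP Basic header and the parameters in the form body, as RFC 6749 describes, then validates the response fields shown above. It assumes the authorization server accepts that form; the host name and function names are hypothetical.

```python
import base64, json, time
from urllib.parse import quote_plus, urlencode
from urllib.request import Request

# Constructed sample shaped like the response above; the token is a placeholder.
SAMPLE_RESPONSE = ('{"access_token":"PLACEHOLDER.TOKEN.VALUE","token_type":"Bearer",'
                   '"expires_in":599,"scope":"PRIVOLOCK TRUST"}')

def build_token_request(token_url, client_id, client_secret, scopes):
    """Build (do not send) a client_credentials request with no secret in the URL."""
    if not token_url.lower().startswith("https://"):
        raise ValueError("token endpoint must be https")
    # RFC 6749 section 2.3.1: form-encode id and secret, then HTTP Basic.
    # Assumption: the server accepts Basic client authentication.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    basic = base64.b64encode(pair.encode()).decode()
    # RFC 6749 section 4.4.2: grant parameters travel in the form body.
    body = urlencode({"grant_type": "client_credentials",
                      "scope": " ".join(scopes)}).encode()
    return Request(token_url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json"})

def parse_token_response(raw, requested_scopes, now=None, skew=30):
    """Return (token, expires_at, granted_scopes); raise on a bad response."""
    data = json.loads(raw)
    if "error" in data:
        raise ValueError(f"token endpoint error: {data['error']}")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = data.get("access_token")
    if not token:
        raise ValueError("missing access_token")
    # If scope is omitted, the grant equals the request (RFC 6749 section 5.1).
    granted = set(data.get("scope", " ".join(requested_scopes)).split())
    missing = set(requested_scopes) - granted
    if missing:
        raise ValueError(f"scopes not granted: {sorted(missing)}")
    # Treat the token as expired `skew` seconds early to avoid edge-of-life use.
    issued = time.time() if now is None else now
    return token, issued + int(data["expires_in"]) - skew, granted

if __name__ == "__main__":
    req = build_token_request("https://auth.example.test/oauth/token",  # placeholder host
                              "someClientId", "someClientSecret", ["PRIVOLOCK", "TRUST"])
    print(req.get_method(), req.full_url, req.data.decode())
    print(parse_token_response(SAMPLE_RESPONSE, ["PRIVOLOCK", "TRUST"], now=1000)[1:])
```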