...

Client Credentials Grant can be configured either with SSO Management UI or SSO Management API. This instruction covers the UI. Refer to Configuring impersonation with Management API - SSO for API instructions.

PrerequisitePrerequisites: site

1. Site Example, OAuth 2.0 application Client1 and group Group1 exist in SSO.

2. Application Client1 has client_credentials grant type in its metadata:

   Code Block
   language json
   ... "grant_types": [ "client_credentials" ] ...

The following steps are required:

1. Create and enable authentication method as described in OAuth 2.0 Client Credentials Grant authentication method - SSO

...

2. Add this method to site Example.

3. Allow the method for application Client1 and

4. Allow the method for group Group1.

5. Allow Group1 to access application Client1.

Management

...

Now it should be possible to get the token with Client1 credentials:

POST {{baseUrl}}/uas/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&scope=oidc&client_id=client.credentials.app&client_secret=secret

Authorized access use case

...