Authorization Basics

Client Credentials Flow

The client credentials grant is a flow used for communication between one or more services and applications. It can be used, for example, by applications that process batches or integrate multiple systems.

In a Nutshell

The client credentials grant flow is used when no user is present and the client authenticates itself with the authorization server (in this case, Cloudentity). In other words, clients use the client credentials grant type to obtain an access token outside of the context of a user, for example, in machine-to-machine environments.

Only confidential clients, which are able to store their credentials in a secure manner, can use the client credentials flow.


The client uses its client authentication as the authorization grant, so no additional authorization is needed.

In Depth

Client credentials flow diagram

  1. The client requests a token by calling the token endpoint.

    Read More

    Cloudentity supports multiple client authentication methods. To learn more, see the client authentication documentation.

  2. Cloudentity returns the token.

  3. The client requests protected resources from the resource server and submits the token it received in the previous step.


    The client can request only the resources it has been granted access to.

  4. The resource server validates the token and responds with the requested resources.
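
The four steps above, as an added example that is not Cloudentity's own code: both sides of the exchange are simulated in memory so it runs offline. It assumes HTTP Basic client authentication (one possible client authentication method) and opaque tokens; the client ID, secret, scope names, and function names are constructed for illustration.

```python
import base64, hmac, secrets, time
from urllib.parse import urlencode, parse_qs

# Constructed sample values; not real Cloudentity identifiers.
CLIENTS = {"batch-job": {"secret": "s3cr3t-constructed", "scopes": {"reports.read"}}}
ISSUED = {}  # token -> (client_id, granted scopes, expiry); stand-in for token storage

def build_token_request(client_id, client_secret, scope):
    """Step 1: the client builds the token endpoint POST (RFC 6749, section 4.4.2)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode({"grant_type": "client_credentials", "scope": scope})

def token_endpoint(headers, body):
    """Step 2: simulated authorization server authenticates the client, issues a token."""
    form = parse_qs(body)
    if form.get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}
    try:
        scheme, cred = headers["Authorization"].split(" ", 1)
        client_id, secret = base64.b64decode(cred).decode().split(":", 1)
    except (KeyError, ValueError):
        return 401, {"error": "invalid_client"}
    client = CLIENTS.get(client_id)
    # Compare secrets in constant time; unknown clients fail the same way.
    ok = client and hmac.compare_digest(secret.encode(), client["secret"].encode())
    if scheme != "Basic" or not ok:
        return 401, {"error": "invalid_client"}
    requested = set(form.get("scope", [""])[0].split())
    if not requested <= client["scopes"]:  # only scopes granted to this client
        return 400, {"error": "invalid_scope"}
    token = secrets.token_urlsafe(32)
    ISSUED[token] = (client_id, requested, time.time() + 300)
    return 200, {"access_token": token, "token_type": "Bearer",
                 "expires_in": 300, "scope": " ".join(sorted(requested))}

def resource_server(headers, required_scope):
    """Steps 3-4: the resource server validates the bearer token before responding."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    entry = ISSUED.get(token) if scheme == "Bearer" else None
    if entry is None or entry[2] < time.time():
        return 401, {"error": "invalid_token"}
    if required_scope not in entry[1]:
        return 403, {"error": "insufficient_scope"}
    return 200, {"resource": required_scope, "client": entry[0]}
```

The resource server checks expiry and scope on every request, so a valid token still yields 403 for a resource outside the scopes the client was granted.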