Client Credentials Grant

March 30, 2024 | seedling, permanent

tags :

Grant Types or OAuth flow in OAuth2 #

Description #

  • The client application is authenticated and granted access using its credentials, without user involvement.

Use Cases #

Security #

  • Reasonably secure,
  • relies on client credentials,
  • lacks user-specific authorization.
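The grant described above, as the token request a backend would build: only the client's own credentials and a scope, with no authorization code, redirect or user step. This is an added example, not code from the original note; the host, client id, secret and scope are constructed placeholders, the /oauth2/v1/token path is the one used in the OCI section of this note, and sending the credentials via HTTP Basic is an assumption about how the client is registered.

```python
import base64
import json
import urllib.parse
import urllib.request

def build_token_request(domain_url, client_id, client_secret, scope):
    """Build (without sending) a client_credentials token request."""
    if not domain_url.startswith("https://"):
        raise ValueError("token endpoint must be https: the secret travels with every call")
    # RFC 6749 section 2.3.1: form-encode id and secret, then Basic-encode "id:secret".
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    basic = base64.b64encode(pair.encode()).decode()
    # No code, redirect_uri or user step: the client's own credentials are the grant.
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return urllib.request.Request(
        f"{domain_url}/oauth2/v1/token",
        data=body.encode(),
        method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )

def parse_token_response(raw):
    """Validate the token endpoint's JSON before the token is used."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(f"token request rejected: {doc['error']}")
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    # The token represents the application only; there is no user behind it.
    return {"access_token": doc["access_token"], "expires_in": int(doc.get("expires_in", 0))}

if __name__ == "__main__":
    # Constructed placeholders; a real backend loads the secret from its secret store.
    req = build_token_request("https://idcs-EXAMPLE.identity.oraclecloud.com",
                              "example-client", "example-secret", "example-scope")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # Constructed sample of a successful token response body.
    sample = b'{"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}'
    print(parse_token_response(sample))
```

Because the secret goes in the Authorization header, it stays out of the form body and out of any request-body logging.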

Implementing it in Identity Domain in OCI #

Get Authorization Code #

https://idcs-c87b18d47f4b46798f61e82aaf3154c0.identity.oraclecloud.com/oauth2/v1/authorize?response_type=code&client_id=04c1e0a50787408782a5a06fb04f6522&redirect_uri=http://localhost:8001&scope=openid

Get Access Token #

Call to the Authorization Server from the backend

import requests
import json

# OAuth endpoints given in the provider's documentation
domain_url = 'https://idcs-c87b18d47f4b46798f61e82aaf3154c0.identity.oraclecloud.com:443'
token_url = f'{domain_url}/oauth2/v1/token'

# Replace these values with your data
client_id = '04c1e0a50787408782a5a06fb04f6522'
client_secret = '5ec4e132-6cb8-4499-97fe-0c444faff293'  # For confidential clients

authorization_code = "AgAgMDlhODg3ZTYxNzIwNDA3ZWE2MjNiOTNmMzE3YWM5ODQIABDc_586l7Cfj6H5KdzEicBMAAAAQAV6ABieQBOclw50K9yeQYxA-1-hP-EWNwDR69d6ivViCylf6q9XCGW3v_6-P5XCFcokNrIH3pL7WlcEhi9Dm-s="

redirect_uri = 'http://localhost:8001'

# Prepare the data for the token request
token_data = {
    'grant_type': 'authorization_code',
    'code': authorization_code,
    'redirect_uri': redirect_uri,
    'client_id': client_id,
    'client_secret': client_secret  # Include for confidential clients
}

# Make the POST request (the timeout keeps the backend from hanging on a stalled server)
response = requests.post(token_url, data=token_data, timeout=10)

print("result")
print(response)
result = response.json()
print(result)

if response.status_code == 200:
    # response.json() already returned a dict, so no json.loads() is needed
    result_dict = result
    id_token = result_dict["id_token"]
    access_token = result_dict["access_token"]
    print(f"id_token: {id_token}")
print("stat")
userinfo_url = f'{domain_url}/oauth2/v1/userinfo'
print("after")

response structure: ref

{
  "birthdate":"",
  "email":"user@example.com",
  "email_verified":false,
  "family_name":"user",
  "gender":"",
  "given_name":"user",
  "appRoles":[],
  "name":"alice alice",
  "preferred_username":"user@example.com",
  "sub":"user@example.com",
  "updated_at":1495136783,
  "website":""
}

Python Code Blocks in Shared Session #

# First block of code
x = 10
y = 20
print(f"Sum of x and y: {x + y}")
# Second block of code
z = x + y
print(f"Value of z: {z}")

