Client Credentials Flow

a. Client submits a client_id and client_secret to the token endpoint.
b. Server returns an Access Token.

🚧

The Content-Type for this request is application/x-www-form-urlencoded.

Sample response:

{
   "access_token": "CZ0OAAAAAAAAEdt7AgAAAAAAGAEgAClebYBnbQEAADooMDMyMDg2MmExZWNlYjIyYWJhMjc1OGI4NzJlMGZhNWI5ZDYxN2Q0YkAC::644420::78997c",
   "token_type": "bearer",
   "expires_in": 43200
}

Sample error response (bad client credentials):

<BadClientCredentialsException>
    <error>invalid_client</error>
    <error_description>Bad client credentials</error_description>
</BadClientCredentialsException>

Sample error response (HTTP 403, trailing '/' in the endpoint URL):

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 Could not verify the provided CSRF token because your session was not found.</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /authentication/oauth/token/. Reason:
<pre>    Could not verify the provided CSRF token because your session was not found.</pre></p><hr><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.4.15.v20190215</a><hr/>

</body>
</html>

📘

Note

No Refresh Token is returned.

🚧

Troubleshooting

Make sure that the endpoint URL does not end with a trailing ‘/’.

Otherwise, the server returns an HTTP 403 error with the following HTML message:
"Could not verify the provided CSRF token because your session was not found"
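The following sketch is an added example, not code from this documentation or its vendor. It builds the token request with the required Content-Type and no trailing '/', then classifies the three response shapes shown above. Assumptions: the host auth.example.test is a placeholder, the credentials are sent as form fields, and grant_type=client_credentials is taken from RFC 6749; the page itself does not spell these out.

```python
import json
import time
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

def build_token_request(endpoint, client_id, client_secret):
    """Build the token POST; the secret travels in the body, never in the URL."""
    url = endpoint.rstrip("/")  # a trailing '/' produces the CSRF 403 shown above
    if not url.lower().startswith("https://"):
        raise ValueError("token endpoint must use https")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",  # assumption: RFC 6749 section 4.4
        "client_id": client_id,              # assumption: credentials as form fields
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })

def parse_token_response(body, now=None):
    """Classify a response body as one of the three sample shapes."""
    text = body.strip()
    if text.startswith("{"):
        doc = json.loads(text)
        if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
            raise ValueError("unexpected token response")
        now = time.time() if now is None else now
        # No refresh token is issued: request a new token shortly before expiry.
        return {"ok": True, "access_token": doc["access_token"],
                "renew_at": now + int(doc["expires_in"]) - 60}
    if "CSRF token" in text:
        return {"ok": False, "error": "csrf_403",
                "hint": "remove the trailing '/' from the endpoint URL"}
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("refusing to parse XML that carries a DTD")
    root = ET.fromstring(text)  # XML error document
    return {"ok": False, "error": root.findtext("error"),
            "hint": root.findtext("error_description")}

if __name__ == "__main__":
    # Constructed endpoint, credentials and token; nothing is sent over the network.
    req = build_token_request(
        "https://auth.example.test/authentication/oauth/token/", "demo-id", "demo-secret")
    sample = '{"access_token": "constructed", "token_type": "bearer", "expires_in": 43200}'
    print(req.full_url, parse_token_response(sample, now=0))
```

Send the request with urllib.request.urlopen(req) and pass the decoded body to parse_token_response; keep the client_secret and the returned token out of logs.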
