Client Credentials

Overview

The Client Credentials grant type is used when the client is requesting access to protected resources under its control (i.e. there is no third party).

Read more about client credentials

Use Cases

  • service calls
  • calls on behalf of the user who created the client.

Implementation

Create an instance of OAuth2\GrantType\ClientCredentials and add it to your server

Php
// create test clients in memory
$clients = array('TestClient' => array('client_secret' => 'TestSecret'));
// create a storage object
$storage = new OAuth2\Storage\Memory(array('client_credentials' => $clients));
// create the grant type
$grantType = new OAuth2\GrantType\ClientCredentials($storage);
// add the grant type to your OAuth server
$server->addGrantType($grantType);

Configuration

The Client Credentials grant type has the following configuration:

  • allow_credentials_in_request_body
    • whether to look for credentials in the POST body in addition to the Authorize HTTP Header
    • Default: true

For example:

Php
// this request will only allow authorization via the Authorize HTTP Header (Http Basic)
$grantType = new OAuth2\GrantType\ClientCredentials($storage, array(
 'allow_credentials_in_request_body' => false
));

Example Request

Text
# using HTTP Basic Authentication
$ curl -u TestClient:TestSecret https://api.mysite.com/token -d 'grant_type=client_credentials'
# using POST Body
$ curl https://api.mysite.com/token -d 'grant_type=client_credentials&client_id=TestClient&client_secret=TestSecret'

A successful token request will return a standard access token in JSON format:

Json
{"access_token":"03807cb390319329bdf6c777d4dfae9c0d3b3c35","expires_in":3600,"token_type":"bearer","scope":null}
Fork me on GitHub

AltStyle によって変換されたページ (->オリジナル) /