Client Credentials Flow

The Client Credentials Flow (defined in OAuth 2.0 RFC 6749, section 4.4) involves an application exchanging its application credentials, such as client ID and client secret, for an access token.

This flow is best suited for Machine-to-Machine (M2M) applications, such as CLIs, daemons, or backend services, because the system must authenticate and authorize the application instead of a user.

How it works

[Diagram: Client Credentials authorization sequence]
  1. Application sends application's credentials to the Auth0 Authorization Server. To learn more about client authentication methods, read Application Credentials.

  2. Auth0 Authorization Server validates application's credentials.

  3. Auth0 Authorization Server responds with an access token.

  4. Application can use the access token to call an API on behalf of itself. For more information on this process, see Validate JSON Web Tokens.

  5. API responds with requested data.

How to implement it

The easiest way to implement the Client Credentials Flow is to follow our Backend Quickstarts.

Alternatively, you can use the Auth0 Authentication API to implement the Client Credentials Flow. For more information, read Call Your API Using the Client Credentials Flow.

Learn more