The client credentials type works in a similar way to the ROPC grant type and is used to provide an access token to a client based on the credentials or the client, not the resource owner. In this grant type, the client credentials are swapped for an access token (step 1 below).


Oauth cc flow

Capability
Browser-based end user interaction No
Can use external IDP for authentication No
Requires client authentication Yes
Requires client to have knowledge of user credentials No
Refresh token allowed No
Access token is in context of end user No