OAuth 2.0 Client Credentials Flow (in plain English)
Ғылым және технология
In this second video of the "OAuth2.0 with Tyk" mini series, we look at the Client Credentials grant type and understand its workflow. If you missed the first video in the series, click the link at the bottom of the description to better help with learning the concepts in this video.
00:00 Intro
00:24 In this video
01:02 Client Credentials Explained
02:29 How it works: Flow
02:53 Access token request
04:01 Access token response
04:55 In the next video...
What is OAuth2.0:
• What is OAuth2.0 (in p...
Integrate OAuth2.0 with your API using Tyk's API Management Platform:
tyk.io/docs/basic-config-and-...
Tyk API Management docs: tyk.io/docs/apim/
---------
Sign up for a free trial: tyk.io/sign-up/
Join the Tyk community: community.tyk.io
---------
Follow us
Github: github.com/TykTechnologies/tyk
Twitter: / tyk_io
Linkedin: / tyk
Пікірлер: 3
nice explanation !
Why put client secret in body?
@TykAPIM
Жыл бұрын
Hi Vineet! Thanks for the question! In this demonstration, we are generating a system-system API call, which, in this case, the Client Credentials grant type makes the most sense. It doesn't matter if the clientId/clientSecret are passed in the headers or body of the request in order to accomplish the handshake and generate an access token by the auth server. Hope that helps! - Firas