Client Credentials
The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user. This is typically used by clients to access resources about themselves rather than to access a user's resources.
With machine-to-machine (M2M) applications, such as lambdas, jobs, CLIs, daemons, or services running on your back end, the system authenticates and authorizes the app rather than a user. For this scenario, typical authentication schemes like username + password or social logins don't make sense. Instead, M2M apps use the Client Credentials Flow (defined in OAuth 2.0 RFC 6749, section 4.4): the app sends its Client ID and Client Secret to the token endpoint, normally as an HTTP Basic Authorization header together with grant_type=client_credentials, and receives an access token. Because the flow authenticates with a long-lived secret, RFC 6749 restricts it to confidential clients: keep the secret only on servers you control, never in browser or mobile code, and rotate it if it leaks.
import Bitcapital from 'bitcapital-core-sdk';

// Initialize the session instance to authenticate
// using the Bitcapital Core OAuth 2.0 provider.
const bitcapital = Bitcapital.initialize({
  // Instance URL for REST API calls
  baseURL: 'https://your-instance.btcore.app',
  // Credentials for OAuth 2.0 requests. The client secret is a long-lived
  // credential: load it from the environment or a secret store, never commit
  // it, and never ship it to a browser or mobile app where anyone can read it.
  clientId: '< YOUR CLIENT_ID HERE >',
  clientSecret: '< YOUR CLIENT_SECRET HERE >',
});

try {
  // Authenticate a client (API, service, etc.) with the credentials from
  // the initialization call above. On success the credentials are stored in
  // the session instance (and in local storage in browser environments).
  const user = await bitcapital.session().clientCredentials();

  // The session returns a virtual user info and its credentials
  // (printed here for demonstration only; don't log access tokens in real services)
  console.log(user.credentials.accessToken);

  // To log out and clear the current credentials, use the "destroy" action
  await bitcapital.session().destroy();
} catch (exception) {
  // Something went wrong; most likely the credentials are invalid
  console.error(exception);
}
# -u has curl build the Basic header itself (base64 of "CLIENT_ID:CLIENT_SECRET").
# Encoding by hand with `echo ... | base64` bakes echo's trailing newline into the
# header value and the server rejects the request; use printf '%s' if you must.
curl \
  -u "CLIENT_ID:CLIENT_SECRET" \
  --data "grant_type=client_credentials" \
  https://instance-url.btcore.app/oauth/token
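The raw exchange behind the SDK call and the curl command above, as an added example that is not part of the original page or the Bitcapital SDK: a plain Node.js client-credentials request written against RFC 6749 directly, with a constructed stand-in for the token endpoint so it runs offline. The client id `id`, the secret `secret`, the token URL and the fake endpoint's responses are all assumptions.

```javascript
// Added example (not the Bitcapital SDK): a client-credentials token request
// written against RFC 6749 directly. Client id, secret, token URL and the
// fake token endpoint below are constructed for illustration.

// RFC 6749 section 2.3.1: "client_id:client_secret", each form-urlencoded,
// then base64. Encoding it here (rather than with `echo | base64` in a shell)
// avoids a trailing newline ending up inside the header value.
function basicAuthHeader(clientId, clientSecret) {
  const raw = `${encodeURIComponent(clientId)}:${encodeURIComponent(clientSecret)}`;
  return 'Basic ' + Buffer.from(raw, 'utf8').toString('base64');
}

// Builds the POST to the token endpoint (RFC 6749 section 4.4.2). The body
// carries only grant_type (plus an optional scope); the client authenticates
// through the Authorization header, not through body fields.
function buildTokenRequest(tokenUrl, clientId, clientSecret, scope) {
  const body = new URLSearchParams({ grant_type: 'client_credentials' });
  if (scope) body.set('scope', scope);
  return {
    url: tokenUrl,
    method: 'POST',
    headers: {
      Authorization: basicAuthHeader(clientId, clientSecret),
      'Content-Type': 'application/x-www-form-urlencoded',
      Accept: 'application/json',
    },
    body: body.toString(),
  };
}

// Validates a successful token response (RFC 6749 section 5.1) and turns the
// relative expires_in (seconds) into an absolute expiry the caller can cache.
function parseTokenResponse(json, receivedAtMs) {
  if (typeof json.access_token !== 'string' || json.access_token === '') {
    throw new Error('token response has no access_token');
  }
  if (json.token_type && json.token_type.toLowerCase() !== 'bearer') {
    throw new Error(`unsupported token_type: ${json.token_type}`);
  }
  const ttl = Number(json.expires_in);
  return {
    accessToken: json.access_token,
    expiresAtMs: Number.isFinite(ttl) ? receivedAtMs + ttl * 1000 : null,
  };
}

// Performs the exchange. fetchImpl is injected so the same code runs against
// the global fetch in Node 18+ or against the offline stand-in below.
async function requestClientCredentialsToken(fetchImpl, tokenUrl, clientId, clientSecret, scope) {
  const req = buildTokenRequest(tokenUrl, clientId, clientSecret, scope);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  const json = await res.json();
  if (!res.ok) {
    // RFC 6749 section 5.2: errors are 400/401 with { error, error_description }
    throw new Error(`token request failed (HTTP ${res.status}): ${json.error || 'unknown_error'}`);
  }
  return parseTokenResponse(json, Date.now());
}

// Constructed stand-in for the authorization server's token endpoint. It
// enforces the two things a real server checks for this grant: the client
// authenticated correctly, and grant_type is client_credentials.
function fakeTokenEndpoint(expectedAuthorization) {
  return async (_url, init) => {
    const reply = (status, payload) => ({ ok: status < 400, status, json: async () => payload });
    if (init.headers.Authorization !== expectedAuthorization) {
      return reply(401, { error: 'invalid_client' });
    }
    if (new URLSearchParams(init.body).get('grant_type') !== 'client_credentials') {
      return reply(400, { error: 'unsupported_grant_type' });
    }
    return reply(200, { access_token: 'tok-constructed', token_type: 'Bearer', expires_in: 3600 });
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  const server = fakeTokenEndpoint(basicAuthHeader('id', 'secret'));
  requestClientCredentialsToken(server, 'https://example.invalid/oauth/token', 'id', 'secret')
    .then((token) => console.log('token expires at', new Date(token.expiresAtMs).toISOString()))
    .catch((err) => { console.error(err.message); process.exitCode = 1; });
}
```

To point it at a real instance, pass the global `fetch` as `fetchImpl` and your instance's `/oauth/token` URL; a wrong secret surfaces as the `invalid_client` error the fake endpoint also returns, which is the first thing to check when the SDK call above throws.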
import java.io.IOException;

import okhttp3.Credentials;
import retrofit2.Call;
import retrofit2.Response;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;
import retrofit2.http.Field;
import retrofit2.http.FormUrlEncoded;
import retrofit2.http.Header;
import retrofit2.http.POST;

public class BitcapitalClient {
    /**
     * Token response. Field names must match the JSON keys so Gson can map
     * them; these are the RFC 6749 section 5.1 names.
     */
    public static class OAuthTokenResponse {
        public String access_token;
        public String token_type;
        public long expires_in;
        public String refresh_token;
        public String userId; // not part of RFC 6749; stays null when absent
    }

    /**
     * Uses Retrofit2 annotations for HTTP request mapping.
     */
    public interface OAuthWebService {
        @FormUrlEncoded
        @POST("oauth/token")
        Call<OAuthTokenResponse> token(
            // "Basic " + base64("client_id:client_secret"); see Credentials.basic below
            @Header("Authorization") String basic,
            // Optional per-request scopes; pass null to omit the field entirely
            @Field("scopes") String[] scopes,
            // Client credentials grant: no username/password fields, only grant_type
            @Field("grant_type") String grantType
        );
    }

    /**
     * Executes an OAuth 2.0 client credentials request using OkHttp3 and Retrofit2.
     */
    public static OAuthTokenResponse execute(String clientId, String clientSecret) throws IOException {
        Retrofit retrofit = new Retrofit.Builder()
            // Add your instance URL; Retrofit requires the trailing slash
            .baseUrl("https://testnet.btcore.app/")
            // Uses GSON for serialization
            .addConverterFactory(GsonConverterFactory.create())
            .build();

        // Initialize the oauth web service interface
        OAuthWebService oauthWebService = retrofit.create(OAuthWebService.class);

        // OkHttp builds the Basic header with correct base64 (no trailing newline)
        String basic = Credentials.basic(clientId, clientSecret);
        Response<OAuthTokenResponse> response =
            oauthWebService.token(basic, null, "client_credentials").execute();

        if (!response.isSuccessful() || response.body() == null) {
            // RFC 6749 section 5.2: 400/401 with an error body such as invalid_client
            throw new IOException("Token request failed with HTTP " + response.code());
        }
        return response.body();
    }
}
For more information, check out the OAuth 2.0 API Reference.
Updated over 3 years ago