Machine-to-machine flow — no user involved. The client authenticates directly with its credentials to obtain an access token.
No redirect URI or user interaction needed. Just the token endpoint and client credentials.
This is the HTTP POST that will be sent to the token endpoint. With client credentials, the client proves its identity using its client_secret — no user authorization step needed.
// Fill in config above to preview
The backend confirms what it actually sent, so you can verify it matches the preview exactly.
// Will appear after executing the request
The IdP returns an access_token. Unlike user flows, there is typically no id_token in client credentials responses.
// Awaiting request…
The access token is typically a JWT. Its payload contains claims about the client application (not a user) such as sub, aud, iss, and roles.