Client Credentials Flow

How it works
How to implement it
Learn more

The Client Credentials Flow (defined in OAuth 2.0 RFC 6749, section 4.4) involves an application exchanging its application credentials, such as and , for an . This flow is best suited for Machine-to-Machine (M2M) applications, such as CLIs, daemons, or backend services, because the system must authenticate and authorize the application instead of a user.

How it works

Flows - Client Credentials - Authorization sequence diagram(w/Border)

Application sends application’s credentials to the Auth0 Authorization Server. To learn more about client authentication methods, read Application Credentials.
Auth0 Authorization Server validates application’s credentials.
Auth0 Authorization Server responds with an access token.
Application can use the access token to call an API on behalf of itself. For more information on this process, see Validate JSON Web Tokens.
API responds with requested data.

How to implement it

The easiest way to implement the Client Credentials Flow is to follow our Backend Quickstarts. Alternatively, you can use the Auth0 Authentication API to implement the Client Credentials Flow. For more information, read Call Your API Using the Client Credentials Flow.

Learn more

Call Your API Using the Authorization Code Flow with PKCE

Call Your API Using the Client Credentials Flow

⌘I

Auth0 Onboarding

Learn the Basics

Configure Auth0

Plan and Design

Auth0 AI

Universal Components

Client Credentials Flow

How it works

How to implement it

Learn more

Auth0 Onboarding

Learn the Basics

Configure Auth0

Plan and Design

Auth0 AI

Universal Components

Documentation Index

​How it works

​How to implement it

​Learn more

How it works

How to implement it

Learn more