<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D51Y00008chN9ASAUOkta Classic EngineSingle Sign-OnAnswered2024-04-30T09:52:54.000Z2020-06-03T14:05:24.000Z2020-06-10T23:22:45.000Z

2cwrj (2cwrj) asked a question.

June 3, 2020 at 2:05 PM
When using client credential flow, having recieved a token, how should we decide if we should authorize the request?

For machine to machine communication, assuming we are using the client credential flow and have received an access token in the resource server, how should we decide whether to authorize the request.

 

Possibilities appear to be:

 

  • Compare the client application id value received in the "sub" claim to a list of authorized client IDs.
  • Assign a custom scope to an authorization server and feed into an access token via an authorization policy assigned to the client application.

 

 

  • 1 answer
  • 631 views

  • e2rky (e2rky)

    Hi Gereth,

     

    As more information needs to be received for a better understanding of the achievement and environment, opening a support case will be, in this situation, necessary.

This question is closed.
Loading
When using client credential flow, having recieved a token, how should we decide if we should authorize the request?