Skip to content

Client credentials grant flow

This method is used outside of the context of the user. The client is assumed to be the resource owner and the access request to an application’s resources rather than the resource’s owned by the user. An application access token should only be used in server to server calls and should not be used when making calls from a client-side application. The following diagram describes the Client Credential flow:

Token Request

  • API CALL:

    • POST {``baseURL``}/oauth/token
  • HEADER:

    • Authorization: Basic <Base64 encoded “ClientID:ClientSecret”>
    • Content-Type: application/x-www-form-urlencoded
  • BODY:

    • grant_type = {client_credentials}
    • scope = {ApplicationName} (Space separated values)

For scope, please do not use scope=openid with Client Credentials. The openid scope may be used with the Authorization Code flows in order to also return an id token.

Example request

POST /oauth/token/
Host:  stage.id.trimblecloud.com/oauth/token
Authorization: Basic
TE9pU...
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Cache-Control: no-cache
grant_type=client_credentials
scope = processing

Token response

A sample response for the above request:

{
    "access_token": "eyJ0e...",
    "token_type": "bearer",
    "expires_in": 3600
}
  • To decode and verify the TID JWT Token, refer to Decode JWT