Client Credentials
In this post I would like to go into the "Client Credentials" OAuth 2.0 grant type. It is the grant for machine-to-machine calls: a confidential client authenticates as itself, with no end user in the exchange, and it is commonly used between applications hosted under the same domain where one of them sits outside the DMZ, i.e. is not exposed to the internet. It is typical to see this grant applied in financial services applications, where the Web UI layer of an application makes API calls to backend services on the strength of its own client credentials.

Let's try to understand this with an example. ABCD Bank has a Web App for its customers. The Web App, as a layer of the application, has its controls and event-handling logic along with a fair bit of presentation and orchestration logic in its code, and it is hosted on a web server exposed to the internet. But it would seldom have data or core business logic hosted on the same server or developed under the same code base. You would certainly not want your KYC check logic coded inside JavaScript or a servlet (which is certainly...
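The exchange the Web UI layer would perform against the bank's authorization server and backend API, as an added example that is not part of the original post: the client builds the token request from RFC 6749 §4.4 (client credentials in an HTTP Basic header, `grant_type=client_credentials` in the form body), the authorization server authenticates the client and issues a short-lived bearer token limited to the scopes that client is allowed, and the resource server checks the token on each API call. The client name `webui-layer`, the secret, the scope names and the 300-second lifetime are constructed assumptions; everything runs in-process with no network.

```python
import base64
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode

# Constructed registration data (hypothetical): a confidential client and the
# scopes it is permitted to ask for. In a real deployment this lives in the
# authorization server's client store, never in the internet-facing tier.
REGISTERED_CLIENTS = {"webui-layer": "s3cr3t-only-the-backend-knows"}
ALLOWED_SCOPES = {"webui-layer": {"accounts:read", "kyc:check"}}
TOKEN_LIFETIME = 300  # seconds; assumption for the example

# Issued tokens: access_token -> (client_id, scopes, expiry). In-memory for the demo.
ISSUED_TOKENS = {}


def build_token_request(client_id, client_secret, scope):
    """Client side (the Web UI layer): RFC 6749 section 4.4.2 token request.
    Credentials go in the HTTP Basic Authorization header (section 2.3.1);
    the grant type and requested scope go in the form-encoded body.
    The identifiers used here contain no characters that would need
    form-urlencoding before Basic encoding, so that step is omitted."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return headers, body


def handle_token_request(headers, body, now=None):
    """Authorization server side: authenticate the client, validate the grant
    type and scope, issue a bearer token. Returns (http_status, json_body)."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return 401, {"error": "invalid_client"}
    try:
        client_id, client_secret = base64.b64decode(auth[6:]).decode().split(":", 1)
    except Exception:  # bad base64, bad UTF-8, or no ':' separator
        return 401, {"error": "invalid_client"}
    # Compare against an empty secret for unknown clients so the code path is
    # the same; compare_digest avoids leaking how many bytes matched.
    expected = REGISTERED_CLIENTS.get(client_id, "")
    if not (client_id in REGISTERED_CLIENTS
            and hmac.compare_digest(client_secret.encode(), expected.encode())):
        return 401, {"error": "invalid_client"}
    form = parse_qs(body)
    if form.get("grant_type") != ["client_credentials"]:
        return 400, {"error": "unsupported_grant_type"}
    requested = set(form.get("scope", [""])[0].split())
    if not requested <= ALLOWED_SCOPES.get(client_id, set()):
        return 400, {"error": "invalid_scope"}
    token = secrets.token_urlsafe(32)
    ISSUED_TOKENS[token] = (client_id, requested, now + TOKEN_LIFETIME)
    return 200, {
        "access_token": token,
        "token_type": "Bearer",
        "expires_in": TOKEN_LIFETIME,
        "scope": " ".join(sorted(requested)),
    }


def authorize_api_call(authorization_header, required_scope, now=None):
    """Resource server side (the non-DMZ backend): accept the call only if the
    bearer token is known, unexpired, and carries the scope the API needs."""
    now = time.time() if now is None else now
    if not authorization_header.startswith("Bearer "):
        return False
    entry = ISSUED_TOKENS.get(authorization_header[7:])
    if entry is None:
        return False
    _client_id, scopes, expiry = entry
    return now < expiry and required_scope in scopes


if __name__ == "__main__":
    hdrs, body = build_token_request("webui-layer", REGISTERED_CLIENTS["webui-layer"], "accounts:read")
    status, resp = handle_token_request(hdrs, body)
    print(status, resp)
    print(authorize_api_call("Bearer " + resp["access_token"], "accounts:read"))
```

The point the example makes for the bank scenario: the secret and the scope policy live only in the authorization server and backend tiers, the internet-facing Web UI layer holds nothing but its own client credential, and every backend call is gated on a scoped, expiring token rather than on the caller being "inside the network".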