The enforcement point receives the request, validates the access token, and returns the resource to the client if the request is valid. To request an access token using the client credentials grant, the client must present its client credentials to the authorization server (Web Token Service, listening on port 5050), and add two required parameters in its request: The authorization server verifies the client credentials and returns an access token if the authentication is successful. The response contains the access token, the token type, the token lifetime, and the scope granted in the following format (line breaks added for clarity). These techniques are described in Part 2 of this series in more detail.
The client credentials grant is one of the four grant types defined in the OAuth 2.0 Specification Framework (Section 4.4). This grant type differs from the other grant types in that the client itself is the resource owner. Check that the client is properly registered by verifying its OAuth client profile object listed in the OAuth client group definition as shown in Figure 4. A similar error occurs when the provided client secret does not match the one in the OAuth client profile. If the OAuth client application, This error occurs because the request scope Account is not valid.
It does not match the allowed scope set in the account-application OAuth client profile.
The client application can obtain an access token by presenting just its own credentials.
Using this grant type, the client avoids exposing its credentials in every resource request on the wire.
The enforcement point service proxy created in this step will verify the token before allowing a request to pass.
This completes the configuration for the OAuth client credentials flow.
If the authorization server fails to validate the access request, an error code is included in the response.