Client Credentials Flow

The Client Credentials Flow lets an application exchange its own credentials, the client ID and client secret, for an access token. It is intended for machine-to-machine (M2M) applications such as command-line interfaces (CLIs), daemons and backend (server-to-server) services. Originally it was designed for situations in which the application itself, rather than an individual user, needs to be authenticated and authorized.

DottedSign, however, associates every resource with an owner, who manages it thereafter. In the DottedSign API, therefore, an access token obtained through the client credentials flow is treated as belonging to the user who created the application, and every call made with it is subject to that user's permissions. This also means the client secret is as sensitive as the creator's own login: whoever holds it can act with the creator's permissions, so it must be kept server-side and never embedded in a browser or mobile client.

The direct association of the token with the application creator offers several key benefits:

  • Simplified Management: Users do not need to specify or delegate permissions for individual tasks; the token's permissions are simply those of the application creator's role.
  • Enhanced Security and Control: Because the token acts as the creator, it can only reach resources the creator is authorized to manage, which keeps control over what an integration may do in one place.
  • Accountability and Traceability: Every action performed with the token can be traced back to the application creator. This matters for auditing, making it easier to track changes and to meet the strict legality and authenticity requirements of eSignatures.

Usage Flow

Parameter      Type    Required  Description
client_id      String  Yes       Client ID for the application.
client_secret  String  Yes       Client secret for the application.
grant_type     String  Yes       Must be the literal string client_credentials.
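As an added example, not DottedSign's own code, the following Python script walks through the exchange the table describes: a small M2M client posts client_id, client_secret and grant_type=client_credentials, caches the returned token until shortly before it expires, and fails loudly on a rejected secret. It runs against a constructed mock token endpoint so the whole exchange works offline. The endpoint path /oauth/token, the form-encoded request body and the access_token/token_type/expires_in response fields are assumptions taken from RFC 6749, not from this page; use the endpoint and response format given in the DottedSign API reference for real calls.

```python
"""Client credentials exchange: a minimal client plus a mock token endpoint.

Added example, not DottedSign's code. TOKEN_PATH, the form-encoded body and
the JSON response shape are assumptions (RFC 6749 style); the mock server and
the credential values are constructed so the exchange can run offline.
"""
import json
import os
import secrets
import threading
import time
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

MOCK_CLIENT_ID = "app_123"              # constructed sample value
MOCK_CLIENT_SECRET = "s3cr3t-example"   # constructed sample value
TOKEN_PATH = "/oauth/token"             # assumed path, not from the page


class MockTokenHandler(BaseHTTPRequestHandler):
    """Stand-in authorization server: issues a token only for valid credentials."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0"))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        params = {k: v[0] for k, v in form.items()}
        if self.path != TOKEN_PATH:
            return self._reply(404, {"error": "not_found"})
        if params.get("grant_type") != "client_credentials":
            return self._reply(400, {"error": "unsupported_grant_type"})
        # Constant-time comparison so a wrong secret leaks nothing via timing.
        ok = (params.get("client_id") == MOCK_CLIENT_ID and
              secrets.compare_digest(params.get("client_secret", ""), MOCK_CLIENT_SECRET))
        if not ok:
            return self._reply(401, {"error": "invalid_client"})
        self._reply(200, {"access_token": secrets.token_urlsafe(32),
                          "token_type": "Bearer", "expires_in": 3600})

    def _reply(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep request logging quiet
        pass


def start_mock_server():
    """Start the mock endpoint on a free local port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), MockTokenHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


class ClientCredentialsClient:
    """M2M client: fetches and caches a token via the client credentials grant."""

    def __init__(self, base_url, client_id, client_secret):
        self.base_url = base_url
        self.client_id = client_id
        self._secret = client_secret      # carries the creator's permissions: never log it
        self._token = None
        self._expires_at = 0.0

    def fetch_token(self):
        body = urllib.parse.urlencode({
            "client_id": self.client_id,
            "client_secret": self._secret,
            "grant_type": "client_credentials",
        }).encode()
        req = urllib.request.Request(
            self.base_url + TOKEN_PATH, data=body, method="POST",
            headers={"Content-Type": "application/x-www-form-urlencoded"})
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                payload = json.load(resp)
        except urllib.error.HTTPError as e:
            err = json.load(e)  # HTTPError is file-like and carries the error body
            raise PermissionError(f"token request failed: {e.code} {err.get('error')}") from None
        self._token = payload["access_token"]
        self._expires_at = time.time() + payload["expires_in"] - 30  # refresh a little early
        return self._token

    def access_token(self):
        """Return a cached token, refreshing it once it is near expiry."""
        if self._token is None or time.time() >= self._expires_at:
            return self.fetch_token()
        return self._token


if __name__ == "__main__":
    server, base = start_mock_server()
    # Read real credentials from the environment; fall back to the mock values.
    client = ClientCredentialsClient(base,
                                     os.environ.get("DOTTEDSIGN_CLIENT_ID", MOCK_CLIENT_ID),
                                     os.environ.get("DOTTEDSIGN_CLIENT_SECRET", MOCK_CLIENT_SECRET))
    print("got token of length", len(client.access_token()))
    server.shutdown()
```

Because the token carries the application creator's permissions, the client treats the secret like the creator's password: it is read from the environment rather than hard-coded, it is never written to logs, and a rejected secret surfaces as an explicit error rather than a silently unauthenticated request.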