How to handle Client Credential Grant - loctx21/oauth2orize GitHub Wiki

+---------+                                  +---------------+
|         |                                  |               |
|         |>--(A)- Client Authentication --->| Authorization |
| Client  |                                  |     Server    |
|         |<--(B)---- Access Token ---------<|               |
|         |                                  |               |
+---------+                                  +---------------+

There is no authorization request in this flow; instead, the authorization server authenticates the client directly.

This way, the client makes a single POST request to the token endpoint, sending client_id and client_secret as x-www-form-urlencoded parameters in its body.

The functions and attributes we need to register are:

  1. oauth2orize.exchange.clientCredentials in server.exchange, to handle token generation and saving
  2. oauth2-client-password in passport.authenticate, so that passport uses this specific strategy to authenticate the request
  3. a callback function in passport.use that verifies client_id and client_secret