OAuth 2 Client Credentials grant in ACS - nordvall/TokenClient GitHub Wiki
This grant is used when the Client wants to authenticate as itself to a service.
Request token
Example request:
POST /v2/OAuth2-13 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Host: xxx.accesscontrol.windows.net
Content-Length: 159
grant_type=client_credentials&scope=https%3A%2F%2Fxxx.accesscontrol.windows.net%2Fv2%2Fmgmt%2Fservice&client_id=ManagementClient&client_secret=abc123
Parameters:
| Name | Value | Example |
|---|---|---|
| grant_type | the OAuth 2 grant type | Always client_credentials in this flow |
| scope | The Resource Server you want an access token to. | https:// xxx.accesscontrol.windows.net/v2/mgmt/service to get an access token to the ACS management API. |
| client_id | The name of a registered Service Identity or Management Identity in ACS | ManagementClient |
| client_secret | One of the passwords of client_id | abc123 |
Server response
HTTP/1.1 200 OK
{ "token_type":"http://schemas.xmlsoap.org/ws/2009/11/swt-token-profile-1.0",
"access_token":"*token*",
"expires_in":"28799",
"scope":"https://xxx.accesscontrol.windows.net/v2/mgmt/service"}
Now you can grab the access_token and use it for 28799 seconds.