User's Manual

382 | Administration Dell Networking W-ClearPass Guest 6.4 | User Guide
The following diagram shows the transaction flow of the password grant type.
1. The user enters credentials directly into the app's native user interface. The app should not cache user credentials under any circumstances.
2. The app submits the user credentials to the authorization server. Credentials include grant_type=password, user, password, client_id, and client_secret. The client_secret is not required if the OAuth2 app is defined as a public client.
3. The resource server returns the access token to use in subsequent API calls. This includes access_token, expiry time, token_type=bearer, and refresh_token.
4. The app includes the access token in the HTTP Authorization header. The header value is the word Bearer followed by the access_token.
5. The resource server returns the authenticated API payload.
Client Credentials Grant Type
The simplest grant type offered by OAuth2 doesn't include a 3rd party user at all and is essentially intended for server-to-server integrations for updating the application server configuration. In this case, applications need a way to get an access token for their own user and need to do this outside the context of any specific user. OAuth provides the client credentials grant type for this purpose.
Given the simplicity of this grant type, many developers may use its basic workflow to obtain an access token so they can quickly get started with the APIs. That being said, client credentials should never be used in production where an untrusted 3rd party developer has access to the client secret.
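The following is an added example, not code from the ClearPass Guest guide: it builds the token request body for both the password grant (step 2 above) and the client credentials grant, validates a step-3 token response, and forms the step-4 Authorization header. The endpoint URL, the client and user names, and the sample response are constructed placeholders; the parameter name username follows RFC 6749, whereas the guide's list above abbreviates it as "user".

```python
import json
import time
from urllib.parse import urlencode

TOKEN_URL = "https://clearpass.example.invalid/api/oauth"  # placeholder, not a real host


def password_grant_body(username, password, client_id, client_secret=None):
    """Step 2 of the password grant: the form body the app POSTs to the
    authorization server. client_secret is omitted for a public client."""
    fields = {"grant_type": "password", "username": username,
              "password": password, "client_id": client_id}
    if client_secret is not None:
        fields["client_secret"] = client_secret
    return urlencode(fields)


def client_credentials_body(client_id, client_secret):
    """Client credentials grant: no end user at all, only the app's own secret."""
    return urlencode({"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret})


def parse_token_response(raw, now=None):
    """Step 3: validate the JSON token response and compute an absolute
    expiry so the app can refresh before the token lapses."""
    tok = json.loads(raw)
    if tok.get("token_type", "").lower() != "bearer":
        raise ValueError("unsupported token_type: %r" % tok.get("token_type"))
    if not tok.get("access_token"):
        raise ValueError("token response has no access_token")
    now = time.time() if now is None else now
    return {"access_token": tok["access_token"],
            "refresh_token": tok.get("refresh_token"),
            "expires_at": now + int(tok.get("expires_in", 0))}


def auth_header(token):
    """Step 4: the Authorization header carried on every subsequent API call."""
    return {"Authorization": "Bearer " + token["access_token"]}


# Constructed sample of a step-3 response (field names per RFC 6749).
SAMPLE_RESPONSE = json.dumps({"access_token": "EXAMPLE_ACCESS_TOKEN",
                              "expires_in": 28800, "token_type": "Bearer",
                              "refresh_token": "EXAMPLE_REFRESH_TOKEN"})

if __name__ == "__main__":
    # Credentials are passed straight through and never stored (step 1).
    print(password_grant_body("guest-operator", "EXAMPLE_PASSWORD", "EXAMPLE_CLIENT_ID"))
    token = parse_token_response(SAMPLE_RESPONSE, now=0)
    print(auth_header(token), token["expires_at"])
```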
The following diagram shows the transaction flow of the client credentials grant type.