The authentication of client credentials through OpenAPI using OpenIdConnect, connecting through Access Management with a configured service account, providing a client ID and client secret, follows a certain code flow. This topic describes that code flow.
Before you begin
To authenticate client credentials, you must first have obtained a client ID and client secret by managing a service account in
Access Management.
Procedure
- Have your custom application request the discovery document from Access Management.
Access Management returns the discovery document.
- Have your custom application extract the Token Endpoint from the discovery document.
- Have your custom application send a request to the Token Endpoint, providing a client ID and client secret.
The Token Endpoint sends back an access token.
- Have your custom application attach the access token as a bearer token to your OpenAPI requests.