
The Client Credentials flow is recommended for server-side (AKA confidential) client applications with no end user, which normally describes machine-to-machine communication. Your application needs to securely store its Client ID and secret and pass those to Okta in exchange for an access token. At a high level, the flow has only two steps:

  • Your application passes its client credentials to your Okta Authorization Server.
  • If the credentials are accurate, Okta responds with an access token.

See our OAuth 2.0 overview for more information on the Client Credentials flow.
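The two steps above, sketched as an added example (not Okta's own sample code). The domain `example.okta.com`, the `default` authorization server, the scope `example_scope` and the environment variable names are assumptions, and the sample responses are constructed for offline checking.

```python
import base64, json, os, time, urllib.parse, urllib.request

# Assumed placeholders: the Okta domain, the "default" authorization server
# and the custom scope name are not given on this page.
TOKEN_URL = "https://example.okta.com/oauth2/default/v1/token"
SCOPE = "example_scope"

def build_token_request(client_id, client_secret, url=TOKEN_URL, scope=SCOPE):
    """Step 1: present the client credentials (HTTP Basic, RFC 6749 section 2.3.1)."""
    if not url.startswith("https://"):
        raise ValueError("token endpoint must use HTTPS")
    quoted = [urllib.parse.quote(v, safe="") for v in (client_id, client_secret)]
    basic = base64.b64encode(":".join(quoted).encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return urllib.request.Request(url, data=body.encode(), method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })

def parse_token_response(raw, now=None):
    """Step 2: validate the JSON response; return (token, absolute expiry time)."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(doc["error"])  # surface the OAuth error code only
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc["expires_in"])

def fetch_token():
    """Network call; credentials come from the environment, not source code."""
    req = build_token_request(os.environ["OKTA_CLIENT_ID"],
                              os.environ["OKTA_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())

# Constructed sample responses (not real Okta output) for offline checking.
SAMPLE_OK = (b'{"token_type":"Bearer","expires_in":3600,'
             b'"access_token":"constructed.token.value","scope":"example_scope"}')
SAMPLE_ERR = b'{"error":"invalid_client","error_description":"constructed"}'
```

Caching the token until shortly before the returned expiry time avoids sending the client secret on every call.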


If you need help or have an issue, post a question on the Okta Developer Forum.