Server to Server

If you are communicating with our KS Core API, you only need a client ID and client password to retrieve an access token, which can then be used to call our API. This flow is called client_credentials and consists of only one call to our Identity Server, the token request shown below.

We recommend using a client library, because such libraries handle the different flows automatically and will most likely be updated when the OpenID Connect protocol changes for any flow. This can happen if a security vulnerability is discovered and the protocol standards need to be modified.

POST /connect/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9pZF9zZWNydGV0

grant_type=client_credentials&scope=some_api

Since only one call is needed and there is no back-and-forth communication between the server and the identity provider, return URLs are not necessary. Additionally, because this is server-to-server communication, it is assumed that the calling server is secure enough and that it isn’t operated by a human. KS Core API does not have a concept of an individual user, so the client_credentials flow is needed.
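The token request above, built by hand and paired with a small cache that reuses the token until shortly before it expires. This is an added example, not code from KS or from a client library. The host identity.example, the names build_token_request, TokenCache and fake_identity_server, and the 30-second skew are assumptions; the form-encoding of the credentials follows RFC 6749 section 2.3.1.

```python
import base64, json, time
from urllib.parse import quote_plus, urlencode, urlsplit

def build_token_request(token_url, client_id, client_secret, scope):
    """Return (url, headers, body) for the single client_credentials call."""
    if urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must be https: the secret travels in a header")
    # RFC 6749 section 2.3.1: form-encode id and secret before joining with ':'
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
    }
    body = urlencode({"grant_type": "client_credentials", "scope": scope})
    return token_url, headers, body

class TokenCache:
    """Fetches a token with one call and reuses it until shortly before expiry."""
    def __init__(self, send, request, skew=30, clock=time.monotonic):
        self._send, self._request = send, request
        self._skew, self._clock = skew, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            reply = json.loads(self._send(*self._request))
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply.get("expires_in", 0)) - self._skew
        return self._token

# Constructed stand-in for the Identity Server so the example runs offline.
def fake_identity_server(url, headers, body):
    fake_identity_server.calls += 1
    return json.dumps({"access_token": f"tok-{fake_identity_server.calls}",
                       "token_type": "Bearer", "expires_in": 3600})
fake_identity_server.calls = 0

# Same sample credentials and scope as the request shown on this page.
REQUEST = build_token_request("https://identity.example/connect/token",
                              "client_id", "client_id_secrtet", "some_api")
```

In a real service, send would be the HTTP client's POST function, and the headers tuple should stay out of logs because it carries the client password.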