<div class="max-w-4xl mx-auto p-6 bg-white shadow-md rounded-md">
<h2 class="text-2xl font-bold mb-4">2. Client Credentials Flow</h2>
<div class="mb-6">
<h3 class="text-xl font-semibold mb-2">Overview</h3>
<p class="mb-4">
The client credentials grant type is used when there is no user present, and the client authenticates itself with the authorization server. In other words, client applications use this grant type to obtain an access token outside the context of a user, for example, in machine-to-machine environments.
</p>
<p class="mb-4">
Only confidential clients able to store their credentials securely can use the client credentials flow.
</p>
<img src="/images/oauth-client-credential-flow.png" alt="OAuth Client Credential Flow" class="mb-6 w-full h-auto rounded-md shadow-sm">
</div>
<div class="mb-6">
<h3 class="text-xl font-semibold mb-2">Steps</h3>
<ol class="list-decimal pl-6 space-y-2">
<li>The client requests an access token by calling the token endpoint of the authorization server.
<pre class="bg-gray-800 text-white p-4 rounded-md">
curl -X POST https://$TENANT_ID.$REGION_ID.authz.cloudentity.io/$TENANT_ID/$WORKSPACE_ID/oauth2/token \
--header "Content-Type: application/x-www-form-urlencoded" \
--data-raw "grant_type=client_credentials&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET"
</pre>
</li>
<li>The authorization server validates the client credentials received in the request.</li>
<li>The authorization server returns the token.</li>
<li>The client requests protected resources from the resource server and submits the token it received in the previous step.</li>
<li>The resource server validates the token and responds with the requested resources.</li>
</ol>
</div>
<div class="mb-6">
<h3 class="text-xl font-semibold mb-2">Use Case</h3>
<p class="mb-4">
<strong>Machine-to-machine communication:</strong> You have a backend service, such as a microservice or a daemon, that needs to access secrets stored in Azure Key Vault. The backend service needs to authenticate itself with Azure AD and obtain an access token to securely access the Key Vault without user interaction. This can be achieved using the Client Credentials Flow.
</p>
</div>
<div>
<h3 class="text-xl font-semibold mb-2">Security</h3>
<ul class="list-disc pl-6 space-y-2">
<li><strong>High security:</strong> No user involvement, and the credentials can be securely stored on the server.</li>
<li>Uses the token issued to the client application (no user token is involved).</li>
</ul>
</div>
</div>