For me, the Client Credential flow is like the client asking for an access token for itself, not on behalf of some user.
Then why would a client want to limit its own scope? What is the benefit of scopes in the client credential flow?
In case a client is requesting the access token for just a specific use case for which only a subset of scopes is required, it could make sense that the client narrows down the scope. In case the access token is leaked, an attacker would have access to only this use case.
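To make the leaked-token point concrete, here is an added example (not part of the answer above) that models a token endpoint for `grant_type=client_credentials` and a resource-server scope check in memory. The client id, secret, scope names and the default of granting all registered scopes when `scope` is omitted are assumptions made for the illustration.

```python
import secrets

# Constructed registration data: client id, secret and scope names are hypothetical.
REGISTERED = {
    "billing-job": {
        "secret": "constructed-secret",
        "scopes": {"invoices:read", "invoices:write", "customers:read"},
    }
}
TOKENS = {}  # opaque access token -> set of granted scopes


def issue_token(client_id, client_secret, scope=None):
    """Token endpoint for grant_type=client_credentials (RFC 6749, section 4.4)."""
    client = REGISTERED.get(client_id)
    if client is None or not secrets.compare_digest(client["secret"], client_secret):
        raise PermissionError("invalid_client")
    allowed = client["scopes"]
    # Assumption: when the request omits `scope`, this server grants every
    # scope registered for the client.
    requested = set(scope.split()) if scope else set(allowed)
    if not requested <= allowed:
        raise ValueError("invalid_scope")  # a client cannot widen its own grant
    token = secrets.token_urlsafe(32)
    TOKENS[token] = requested
    return {
        "access_token": token,
        "token_type": "Bearer",
        "scope": " ".join(sorted(requested)),
    }


def authorize(token, required_scope):
    """Resource-server check: only the scopes granted to this token count."""
    return required_scope in TOKENS.get(token, set())


def reachable(token):
    """Everything any holder of this token can do, legitimate or not."""
    return set(TOKENS.get(token, set()))


if __name__ == "__main__":
    narrow = issue_token("billing-job", "constructed-secret", "invoices:read")
    full = issue_token("billing-job", "constructed-secret")
    print("narrow token reaches:", sorted(reachable(narrow["access_token"])))
    print("full token reaches:  ", sorted(reachable(full["access_token"])))
```

The same client and secret produce both tokens; only the `scope` parameter of the request differs, and that is what bounds what a leaked token can reach.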