Client credentials with openid

I’ve implemented the client credentials grant flow and successfully received an access token but when I use that token for the /userinfo call I get an unauthorized response. Part of the response message says that the openid scope is missing. The documentation says that only custom scopes can be used for this flow and I get an invalid scope error when passing in openid.
Is the token received from the client credentials flow usable by the /userinfo call?

There isn’t a user associated with the token in the client credentials flow so you won’t be able to use the /userinfo endpoint.

What is your use case?


Thanks for the quick response and for confirming that.

Here’s the use case:
There’s a backend service that creates/updates db data and it calls /userinfo with the passed-in access token to authenticate the user making the call and get their user id. This service has been used by a regular browser app that logs in a user using their username and password.

We want to use this backend service through a Slack command and do not want to use any of the flows that require redirects for authorization because data passed into the command is lost after redirection.

Maybe you’re looking for the resource owner password flow?


We ended up bypassing the /userinfo call and added token validation but the flow you suggested would definitely have been a better option over the redirect flows - thanks!

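The local token validation the thread ends on, as an added example that is not code from this thread or from any provider: the backend verifies the access token itself instead of calling /userinfo, and then tells a client credentials token (no user behind it) apart from a user token. Assumptions: the access token is a JWT, the HS256 shared key and the issuer/audience values are constructed demo values, and a client credentials token is recognised by its `sub` equalling its `client_id` (the RFC 9068 convention).

```python
import base64, hashlib, hmac, json, time

# Constructed demo values: the shared HS256 key stands in for the authorization
# server's signing key (a real backend would verify RS256 tokens against its JWKS).
SIGNING_KEY = b"demo-shared-secret-not-for-production"
ISSUER = "https://issuer.example"
AUDIENCE = "https://backend.example/api"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(claims: dict) -> str:
    """Stand-in for the authorization server: sign the claims as an HS256 JWT."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def validate_token(token: str, now=None) -> dict:
    """Verify alg, signature, issuer, audience and expiry locally; ValueError on failure."""
    header, body, sig = token.split(".")  # ValueError if not exactly three segments
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token must not pick the algorithm
    expected = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def caller_identity(token: str, now=None):
    """Validate, then classify. A client credentials token carries no user: its sub is
    the client itself, so /userinfo cannot resolve a user and the action is attributed
    to the client. Returns None when the token fails validation."""
    try:
        claims = validate_token(token, now)
    except ValueError:
        return None
    if claims.get("sub") == claims.get("client_id"):
        return {"kind": "client", "id": claims["sub"], "userinfo_usable": False}
    has_openid = "openid" in claims.get("scope", "").split()
    return {"kind": "user", "id": claims["sub"], "userinfo_usable": has_openid}
```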
