Hi,
In client credential grant flow with JWT token, if we are using an JWT assertion in request body to get an access token then why the grant_type is client_credentials and not jwt-bearer.
https://developer.okta.com/docs/guides/implement-oauth-for-okta-serviceapp/get-access-token
Please correct my understanding if i misunderstood anything.
Hi @ananddhage! Service apps must authenticate with grant type=client_credentials please see 4.4 Client Credentials Grant.
Like @sigama mentioned, If you are using a Service application and implementing Client Credentials flow, the grant_type will always be client_credentials.
What you’re asking about is not about the grant_type, but the client authentication needed to request tokens for this application. Per the guide you linked to, in order to use a Service app to get tokens to use against Okta APIs (with Okta API scopes), the service app you create will use private_key_jwt client authentication, but the grant_type will still be client_credentials as that indicates what OAuth flow you are using.
Because private_key_jwt is being used for client authentication in a Client Credentials OAuth flow, you are passing those client_assertion_type and client_assertion parameters along in your request body, as shown in the example on that page:
curl -X POST "https://{yourOktaDomain}/oauth2/v1/token"
-H "Accept: application/json"
-H "Content-Type: application/x-www-form-urlencoded"
-d "grant_type=client_credentials \
&scope=okta.users.read \
&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer \
&client_assertion=eyJhbGciOiJSUzI1…..feCJfSqsJeEKGjJqp1accnXpPbCSi1-2UQ"