Like @sigama mentioned, If you are using a Service application and implementing Client Credentials flow, the grant_type
will always be client_credentials
.
What you’re asking about is not about the grant_type, but the client authentication needed to request tokens for this application. Per the guide you linked to, in order to use a Service app to get tokens to use against Okta APIs (with Okta API scopes), the service app you create will use private_key_jwt client authentication, but the grant_type will still be client_credentials
as that indicates what OAuth flow you are using.
Because private_key_jwt is being used for client authentication in a Client Credentials OAuth flow, you are passing those client_assertion_type
and client_assertion
parameters along in your request body, as shown in the example on that page:
curl -X POST "https://{yourOktaDomain}/oauth2/v1/token"
-H "Accept: application/json"
-H "Content-Type: application/x-www-form-urlencoded"
-d "grant_type=client_credentials \
&scope=okta.users.read \
&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer \
&client_assertion=eyJhbGciOiJSUzI1…..feCJfSqsJeEKGjJqp1accnXpPbCSi1-2UQ"