Integrate the OAuth Client Credentials

This topic describes the Java SDK OAuth Client Credentials flow integration.

Overview

The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user. In this flow, the client application provides a client ID and a client secret to obtain an access token from a tenant. This grant flow is mainly used for machine to machine communications.

Before you begin

Integrate the SDK

Follow the steps below to use this SDK to get the access_token.

Step 1: Configure an OAuthClient instance using the Java SDK

  • Import the SDK as specified in the Before you get started section.
  • Pass the required parameters to create an OAuthClient instance.
import com.cyberark.client.OAuthClient;

// provide confidential client details for client_id and client_secret
OAuthClient oauthClient = new OAuthClient(YOUR_TENANT_URL, YOUR_OAUTH_APPLICATION_ID, YOUR_CONFIDENTIAL_CLIENT_ID, YOUR_CONFIDENTIAL_CLIENT_SECRET);

Step 2: Get the tokens

Use the oauthClient instance to call the following builder methods and execute the request to receive tokens.

TokenHolder tokenHolder = oauthClient.requestTokenWithClientCreds()
    .setGrantType("client_creds")
    .setScope(YOUR_SCOPE)
    .execute();
{
  access_token: "YOUR_ACCESS_TOKEN",
  expires_in: 18000,
  scope: "all",
  token_type: "Bearer"
}

Common Methods

For common methods, such as refreshToken, revokeToken and claims, refer to CyberArk Identity Java SDK reference.