OAuth2 Client Credentials – for when YOUR application is accessing resources in YOUR account (not somebody else’s)

OAuth2 Client Credentials can be used for authentication when you own the application, and you also own the account (such as Office 365, or Google, etc.) that your application will access. In other words, YOUR application is simply accessing resources in YOUR account, and YOU are the application user (or your application is running as a service or background process). In this case, it shouldn’t be necessary for your application to display a browser to interactively get authorization from the account owner to access the data in the account (Office 365, Google, etc.).

If this fits your use case, i.e. you are not providing an application that others use to access resources in their own accounts (accounts you do not own), then you should always look for the “client credentials” OAuth2 solution.

Setting up an App Registration in the web portal, such as in Azure, may require specific settings to allow for client credentials. For example, an Azure App Registration would need to be assigned Application Permissions to define what is allowed. In other OAuth2 grant types, the permissions are defined in the “scope” when interactively getting authorization from the account owner. With client credentials, the permissions are pre-defined with the application.
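The following is an added example, not code from the original page. It assumes the Microsoft identity platform v2.0 token endpoint with Microsoft Graph as the resource; the tenant, client ID and secret are placeholders, and the sample token is constructed and unsigned. It shows that the request names no individual permissions (only `.default`), and that the Application Permissions assigned to the registration come back in the token's `roles` claim rather than the `scp` claim used for user-delegated tokens.

```python
import base64, json
from urllib.parse import urlencode, parse_qs
from urllib.request import Request

# Microsoft identity platform v2.0 token endpoint; {tenant} is a placeholder.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def build_token_request(tenant, client_id, client_secret, resource):
    """Build (but do not send) the client-credentials token request."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # No per-permission scopes here: ".default" means "whatever Application
        # Permissions were assigned to this app registration".
        "scope": resource.rstrip("/") + "/.default",
    }
    return Request(TOKEN_URL.format(tenant=tenant), data=urlencode(form).encode(),
                   headers={"Content-Type": "application/x-www-form-urlencoded"},
                   method="POST")

def jwt_claims(token):
    """Decode the JWT payload for inspection only; no signature check is done."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def granted_app_permissions(token_response):
    """Return the Application Permissions carried by an app-only token."""
    if token_response.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    claims = jwt_claims(token_response["access_token"])
    if "scp" in claims:  # scp marks a delegated (user-consented) token
        raise ValueError("delegated token, not a client-credentials token")
    return sorted(claims.get("roles", []))

def constructed_token(claims):
    """Hypothetical helper: build an unsigned sample JWT for this demo."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample token response (not captured from a real tenant).
SAMPLE = {"token_type": "Bearer", "expires_in": 3599, "access_token": constructed_token(
    {"aud": "https://graph.microsoft.com", "roles": ["User.Read.All", "Mail.Read"]})}

if __name__ == "__main__":
    req = build_token_request("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET", "https://graph.microsoft.com")
    print(req.full_url, parse_qs(req.data.decode())["scope"])
    print(granted_app_permissions(SAMPLE))
```

An empty list from `granted_app_permissions` on a real response would indicate that no Application Permissions have been assigned (or admin-consented) on the registration.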