Use this for server-to-server or API-to-API authentication using the OAuth 2.0 Client Credentials flow. This is common for backend APIs that don’t have human users.

What to provide

Client ID: your-client-id
Client Secret: your-client-secret
Token URL: https://auth.example.com/oauth/token
Scope: read write admin

How it works

Mjolnir will POST to your token URL with the client credentials to obtain an access token, then use that token to authenticate API requests. A typical token request looks like:
POST /oauth/token HTTP/1.1
Host: auth.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=your-client-id
&client_secret=your-client-secret
&scope=read+write
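
The same request built with correct form encoding, plus a check of which scopes the token response actually grants, since a server may issue fewer than were requested. This is an added example, not Mjolnir's own code; `build_token_request`, `granted_scopes` and the sample response are hypothetical and constructed for illustration.

```python
import json
import urllib.parse
import urllib.request


def build_token_request(token_url, client_id, client_secret, scopes):
    """Build, without sending, the client-credentials token request."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),  # scopes are space-delimited (RFC 6749, 3.3)
    }
    # urlencode percent-encodes reserved characters and turns spaces into "+"
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(
        token_url,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def granted_scopes(response_body, requested):
    """Return the scopes a token response actually grants."""
    doc = json.loads(response_body)
    if "access_token" not in doc:
        raise ValueError("token request failed: %s" % doc.get("error"))
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    # RFC 6749, 5.1: "scope" may be omitted only when it equals the request
    if "scope" in doc:
        return set(doc["scope"].split())
    return set(requested)


# Constructed sample: the server grants less than the client asked for
SAMPLE_RESPONSE = json.dumps({
    "access_token": "constructed-token-value",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "read",
})

if __name__ == "__main__":
    wanted = ["read", "write"]
    req = build_token_request("https://auth.example.com/oauth/token",
                              "your-client-id", "your-client-secret", wanted)
    print(req.data.decode())
    print("not granted:", set(wanted) - granted_scopes(SAMPLE_RESPONSE, wanted))
```

Comparing requested and granted scopes for each client shows which permissions that client really holds before relying on it in a role test.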

Multiple client credentials for role testing

If your application issues different client credentials with different permission scopes, add a separate test user for each. Mjolnir will use them to test whether one client can access resources scoped to another.