BackendApplicationClient

class oauthlib.oauth2.BackendApplicationClient(client_id, default_token_placement='auth_header', token_type='Bearer', access_token=None, refresh_token=None, mac_key=None, mac_algorithm=None, token=None, scope=None, state=None, redirect_url=None, state_generator=<function generate_token>, code_verifier=None, code_challenge=None, code_challenge_method=None, **kwargs)[source]

A public client utilizing the client credentials grant workflow.

The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control, or those of another resource owner which has been previously arranged with the authorization server (the method of which is beyond the scope of this specification).

The client credentials grant type MUST only be used by confidential clients.

Since the client authentication is used as the authorization grant, no additional authorization request is needed.

prepare_request_body(body='', scope=None, include_client_id=False, **kwargs)[source]

Add the client credentials to the request body.

The client makes a request to the token endpoint by adding the following parameters using the “application/x-www-form-urlencoded” format per Appendix B in the HTTP request entity-body:

Parameters:
  • body – Existing request body (URL encoded string) to embed parameters into. This may contain extra paramters. Default ‘’.
  • scope – The scope of the access request as described by Section 3.3.
  • include_client_id (Boolean) – True to send the client_id in the body of the upstream request. This is required if the client is not authenticating with the authorization server as described in Section 3.2.1. False otherwise (default).
  • kwargs – Extra credentials to include in the token request.

The client MUST authenticate with the authorization server as described in Section 3.2.1.

The prepared body will include all provided credentials as well as the grant_type parameter set to client_credentials:

>>> from oauthlib.oauth2 import BackendApplicationClient
>>> client = BackendApplicationClient('your_id')
>>> client.prepare_request_body(scope=['hello', 'world'])
'grant_type=client_credentials&scope=hello+world'