class oauthlib.oauth2.BackendApplicationClient(client_id, default_token_placement='auth_header', token_type='Bearer', access_token=None, refresh_token=None, mac_key=None, mac_algorithm=None, token=None, scope=None, state=None, redirect_url=None, state_generator=<function generate_token>, **kwargs)[source]

A public client utilizing the client credentials grant workflow.

The client can request an access token using only its client credentials (or other supported means of authentication) when the client is requesting access to the protected resources under its control, or those of another resource owner which has been previously arranged with the authorization server (the method of which is beyond the scope of this specification).

The client credentials grant type MUST only be used by confidential clients.

Since the client authentication is used as the authorization grant, no additional authorization request is needed.

prepare_request_body(body='', scope=None, **kwargs)[source]

Add the client credentials to the request body.

The client makes a request to the token endpoint by adding the following parameters using the “application/x-www-form-urlencoded” format per Appendix B in the HTTP request entity-body:

  • scope – The scope of the access request as described by Section 3.3.
  • kwargs – Extra credentials to include in the token request.

The client MUST authenticate with the authorization server as described in Section 3.2.1.

The prepared body will include all provided credentials as well as the grant_type parameter set to client_credentials:

>>> from oauthlib.oauth2 import BackendApplicationClient
>>> client = BackendApplicationClient('your_id')
>>> client.prepare_request_body(scope=['hello', 'world'])