Tags: java, oauth-2.0, microservices, api-gateway

Client credentials for an API Gateway using OAuth2


I'm trying to understand microservice architecture using OAuth 2.0. I've understood how OAuth 2.0 works. I saw that one of the grant types is Client Credentials, which requires a client ID and client secret, and with those it generates an access token.

This may be a stupid question, but I'm still not able to understand how to integrate it into my application.

I have 10 clients who are trying to call my API gateway.

Should the customers have different client credentials? Do they need to call the authorization server to generate the access token? Or do they send the client credentials to the API gateway to generate the access token and proceed further?

Where should the client credentials be stored?

Please help me in understanding.

Thank you very much.


Solution

  • What type of clients are they?

    • Web / Mobile UIs?
    • Back end API clients from business partners?

    In either case:

    • The client will get tokens from the Authorization Server
    • The API / Gateway will only receive tokens - never credentials

    For back-end API clients, you would configure a client ID and secret for each of them in the Authorization Server, then send it to each customer as part of onboarding them.
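The flow the answer describes, as an added worked example that is not part of the original answer or of any product the page mentions. It models all three parties offline: the Authorization Server, which onboards one client ID per customer (storing only a salted hash of the secret) and issues tokens from its `/token` endpoint; a customer that exchanges its credentials for a token there; and the API gateway, which accepts bearer tokens only and rejects a request that carries the client ID and secret directly. The issuer name `https://as.example`, the audience `api-gateway`, the client ID `customer-a`, the scope names and the PBKDF2 iteration count are all constructed for the example. Tokens are HMAC-signed (HS256) with a key shared by the two servers to keep the example dependency-free; in a real deployment the gateway would instead verify an RS256/ES256 signature against the Authorization Server's published JWKS so the signing key never leaves the AS.

```python
"""Offline model of the OAuth 2.0 client credentials grant in front of an API gateway."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed constants for the example.
ISSUER = "https://as.example"
AUDIENCE = "api-gateway"
PBKDF2_ITERATIONS = 100_000  # assumption; pick per your hardware budget in production


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class AuthorizationServer:
    """Holds the client registry and signs access tokens. Credentials stop here."""

    def __init__(self, signing_key: bytes):
        self._signing_key = signing_key
        self._clients: dict[str, tuple[bytes, bytes, set[str]]] = {}

    def register_client(self, client_id: str, allowed_scopes: list[str]) -> str:
        """Onboarding: mint a secret, keep only its salted hash, return the plaintext once."""
        secret = secrets.token_urlsafe(32)
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)
        self._clients[client_id] = (salt, digest, set(allowed_scopes))
        return secret

    def _verify_secret(self, client_id: str, secret: str) -> bool:
        record = self._clients.get(client_id)
        if record is None:
            return False
        salt, digest, _ = record
        candidate = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)
        return hmac.compare_digest(candidate, digest)  # constant-time comparison

    def token(self, client_id: str, client_secret: str, scope: str, ttl: int = 300) -> dict:
        """POST /token with grant_type=client_credentials. Returns a token response or an error."""
        if not self._verify_secret(client_id, client_secret):
            return {"error": "invalid_client"}
        if not set(scope.split()) <= self._clients[client_id][2]:
            return {"error": "invalid_scope"}
        now = int(time.time())
        claims = {"iss": ISSUER, "sub": client_id, "aud": AUDIENCE,
                  "scope": scope, "iat": now, "exp": now + ttl}
        return {"access_token": self._sign(claims), "token_type": "Bearer", "expires_in": ttl}

    def _sign(self, claims: dict) -> str:
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
        sig = hmac.new(self._signing_key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        return f"{header}.{payload}.{_b64(sig)}"


class ApiGateway:
    """Sees bearer tokens only; never looks at or forwards client secrets."""

    def __init__(self, verification_key: bytes):
        self._key = verification_key

    def handle(self, headers: dict, required_scope: str) -> tuple[int, str]:
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, "missing bearer token"  # Basic or raw credentials are not accepted
        parts = auth[len("Bearer "):].split(".")
        if len(parts) != 3:
            return 401, "malformed token"
        header, payload, sig = parts
        # Pin the algorithm: verify HS256 regardless of what the token's header claims.
        expected = hmac.new(self._key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return 401, "bad signature"
        claims = json.loads(_unb64(payload))
        if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
            return 401, "wrong issuer or audience"
        if claims.get("exp", 0) <= time.time():
            return 401, "token expired"
        if required_scope not in claims.get("scope", "").split():
            return 403, "insufficient_scope"
        return 200, f"hello {claims['sub']}"


def demo() -> dict:
    """Run the full exchange and return each outcome so it can be checked."""
    key = secrets.token_bytes(32)
    auth_server, gateway = AuthorizationServer(key), ApiGateway(key)
    secret_a = auth_server.register_client("customer-a", ["orders:read"])  # one client per customer
    resp = auth_server.token("customer-a", secret_a, "orders:read")        # customer calls the AS
    bearer = {"Authorization": f"Bearer {resp['access_token']}"}
    return {
        "ok": gateway.handle(bearer, "orders:read"),
        "creds_to_gateway": gateway.handle(
            {"Authorization": "Basic " + _b64(f"customer-a:{secret_a}".encode())}, "orders:read"),
        "wrong_secret": auth_server.token("customer-a", "not-the-secret", "orders:read"),
        "scope_escalation": gateway.handle(bearer, "orders:write"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point to take from the run is the separation of concerns: `customer-a` talks to the Authorization Server with its secret and to the gateway with the resulting token, and a request that presents the secret to the gateway is refused before any credential check could happen. Scopes granted at registration bound what the token can do, so a client onboarded for `orders:read` cannot reach an `orders:write` route even with a valid token.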