Scope
Enable the OAuth 2.0 client credentials grant in django-oauth-toolkit. This is a general M2M capability, not SCIM-specific — any machine client (CI/CD, internal tooling, IdP SCIM clients) benefits from short-lived tokens over static API keys.
- Enable
client-credentials grant type in OAUTH2_PROVIDER settings.
- Add
client_credentials to grant_types_supported in the authorization server metadata endpoint.
- Allow creating OAuth Applications with the
client-credentials grant type (via Django admin or API).
- Define a
scim scope in OAUTH2_PROVIDER["SCOPES"].
Acceptance criteria
- An OAuth Application with
client-credentials grant type can be created.
- A POST to
/o/token/ with grant_type=client_credentials, valid client_id/client_secret, and scope=scim returns a short-lived access token.
- The authorization server metadata endpoint lists
client_credentials in grant_types_supported.
- Existing OAuth flows (Authorization Code + PKCE) are unaffected.
Scope
Enable the OAuth 2.0 client credentials grant in django-oauth-toolkit. This is a general M2M capability, not SCIM-specific — any machine client (CI/CD, internal tooling, IdP SCIM clients) benefits from short-lived tokens over static API keys.
client-credentialsgrant type inOAUTH2_PROVIDERsettings.client_credentialstogrant_types_supportedin the authorization server metadata endpoint.client-credentialsgrant type (via Django admin or API).scimscope inOAUTH2_PROVIDER["SCOPES"].Acceptance criteria
client-credentialsgrant type can be created./o/token/withgrant_type=client_credentials, valid client_id/client_secret, andscope=scimreturns a short-lived access token.client_credentialsingrant_types_supported.