# Client Credentials Flow
Client Credentials Flow differs from the other flows in several ways:
- It does not go through the authorization (`authorize`) endpoint
    - Instead, it requests a token directly from the `token` endpoint using the application's `client_secret`
- It does not require user interaction/input
- It is most often used in Server-To-Server or Service-To-Service (STS) scenarios
    - Background services and daemons that usually do not interact with users.
- The application is no longer impersonating a user; instead, it is using its own identity
- Refresh tokens are never granted with this flow, since the application can always get another access token using its credentials

> [!WARNING]
> ⚠ Since this flow uses the client credentials, you must make sure not to expose them within your code, or else a possibly not so friendly user might use them as well to log in as that identity!

```python
import sys
sys.path.append('../')
import OAuth2_Flows
import pyperclip
```

Like other flows we need to provide the tenant id, client id, and scope:

```python
tenant_id = 'YOUR_TENANT_ID'
client_id = 'YOUR_CLIENT_ID'
scope = 'https://graph.microsoft.com/.default'
```

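We also need to provide the `client_secret`, since we are signing in as the client/application itself and not a user:

```python
from getpass import getpass
# client_secret = 'YOUR_SECRET'  # do not hardcode the secret in the notebook
# getpass() does not echo the secret into the saved cell output
client_secret = getpass('Enter your client secret: ')
```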

Now we send our request with our parameters to the `/token` endpoint.

```python
access_token = OAuth2_Flows.client_credentials_flow(client_id, tenant_id, scope, client_secret)
pyperclip.copy(access_token)
print(f'Access Token:\n{access_token}')
```
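The `OAuth2_Flows` helper is not shown on this page, so the following is an added example (not the helper's own code) of the request this flow sends to the Microsoft identity platform v2.0 `token` endpoint and of how the response is checked. It builds the request without sending it; the sample response, the `CLIENT_SECRET` environment variable name and all function names are constructed for illustration.

```python
import json
import os
from urllib.parse import parse_qs, urlencode
from urllib.request import Request

AUTHORITY = "https://login.microsoftonline.com"

def build_token_request(tenant_id, client_id, scope, client_secret):
    """Build (without sending) the POST for the client credentials grant."""
    form = {
        "grant_type": "client_credentials",  # no authorization code, no user
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }
    return Request(
        f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token",
        data=urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )

def redacted_form(req):
    """Decode the form body with the secret masked, so it is safe to log."""
    fields = {k: v[0] for k, v in parse_qs(req.data.decode("ascii")).items()}
    fields["client_secret"] = "***"
    return fields

def parse_token_response(body):
    """Return (access_token, has_refresh_token); raise on an error response."""
    doc = json.loads(body)
    if "error" in doc:
        raise RuntimeError(f"{doc['error']}: {doc.get('error_description', '')}")
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("not a bearer token response")
    return doc["access_token"], "refresh_token" in doc

# Constructed sample of a success body; the token value is a placeholder.
SAMPLE_RESPONSE = json.dumps(
    {"token_type": "Bearer", "expires_in": 3599, "access_token": "constructed.sample.token"}
)

if __name__ == "__main__":
    # CLIENT_SECRET is a hypothetical environment variable name.
    secret = os.environ.get("CLIENT_SECRET", "constructed-secret")
    req = build_token_request("YOUR_TENANT_ID", "YOUR_CLIENT_ID",
                              "https://graph.microsoft.com/.default", secret)
    print(req.get_method(), req.full_url)
    print(redacted_form(req))
    print(parse_token_response(SAMPLE_RESPONSE))
```

The secret travels in the POST body, so log only the output of `redacted_form`, never the raw request.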

---    

# Requesting admin consent
Line breaks are for legibility only.
```HTTP
GET https://login.microsoftonline.com/{tenant}/adminconsent?
client_id=00001111-aaaa-2222-bbbb-3333cccc4444
&state=12345
&redirect_uri=http://localhost/myapp/permissions
```