The OAuth 2.0 client credentials grant flow allows a web service (confidential client) to use its own credentials, rather than impersonating a user, to authenticate when calling another web service. This grant type can be used to access web-hosted resources using the identity of an application. It is commonly used for server-to-server interactions that run in the background without immediate user interaction, often referred to as daemons or service accounts.

In the client credentials flow, permissions are granted directly to the application by an administrator. When the app presents a token to a resource, the resource ensures that the app itself has authorization to perform the action, as no user is involved in the authentication.