When a client application is accessing Windchill using OAuth 2.0, the OAuth token must be obtained using a standard OAuth grant flow. Windchill supports both the Client Credentials flow for non-interactive clients (M2M) and the delegated authorization code flow for interactive clients. Applications or mashups built on the ThingWorx platform will use the delegated authorization code flow. If the user grants the application permission to access their Windchill data, then the application will present an access token to Windchill when requesting data owned by the user. PTC products affix scopes to access tokens to further protect and manage access to resources. In Windchill, scopes must be registered in the securityContext.properties file.