OAuth 2.0 Basics – Client Credentials Flow

It is a string value that contains a token. The token is sufficient for a resource to allow access to.

OAuth is used for either user to API or app to API authentication to resources protected by the API.

• An OAuth 2.0 access token is a string that grants temporary access to an API.
• An OAuth 2.0 server to server token allows long lived access.

Each token comes with a scope. The scope defines what actions (Read, Read Write….) it is allowed to do with the API.

Set the token in the Authorization request header with the value Bearer ACCESS_TOKEN.

This is a specific type of OAuth use case that allows servers (apps on servers) to request tokens without involving human users.

The client_id and client_secret (provided during app registration) are exchanged for an access token.

This is typically a long lived token. There is no refresh token here – the app simply re-requests a new access token on expiry.

Either through the HTTP Authorization header or a query parameter. The exact option is determined by the API support.

https://www.googleapis.com/auth/bigquery.insertdata	Insert data into Google BigQuery
https://www.googleapis.com/auth/bigquery.readonly	View your data in Google BigQuery
https://www.googleapis.com/auth/cloud-platform	View and manage your data across Google Cloud Platform services
https://www.googleapis.com/auth/cloud-platform.read-only	View your data across Google Cloud Platform services
https://www.googleapis.com/auth/devstorage.full_control	Manage your data and permissions in Google Cloud Storage
https://www.googleapis.com/auth/devstorage.read_only	View your data in Google Cloud Storage
https://www.googleapis.com/auth/devstorage.read_write	Manage your data in Google Cloud Storage