As I understand it, the OAuth2 client credentials grant type should be used in a case where some client app/service needs access to some resource without user interaction.
This sounds good also in a case where the client is an external client and the resource service is a public API service.
Please correct me if I’m wrong, or if there is a “better” or more “standard” way.
I’m trying to find some resource that explains how to use Keycloak for such a case, but the only one I found is this Stack Overflow answer.
As I understand, I need to create a client for my Public API service with “Service Accounts Enabled: ON”, and a bearer-only client for each external client that wants to access the public API. Am I right?
Please advise. Thanks!
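Added example (not from the post and not Keycloak's own code) of the two halves of this setup in Python: the external client obtaining a token with `grant_type=client_credentials` from the realm's token endpoint, and the public API checking the claims it must trust before serving the request. The base URL, realm, client ids and audience are assumed placeholders, the claims dict is constructed for the offline check, and real code would verify the JWT signature against the realm's JWKS before applying these checks.

```python
import json
import time
import urllib.parse
import urllib.request

# Assumed values: replace with your Keycloak host, realm and client registration.
KEYCLOAK_BASE = "https://keycloak.example.com"
REALM = "demo"
ISSUER = f"{KEYCLOAK_BASE}/realms/{REALM}"
TOKEN_URL = f"{ISSUER}/protocol/openid-connect/token"


def build_client_credentials_request(client_id: str, client_secret: str) -> dict:
    """Form body the external client POSTs to the token endpoint; no user is involved."""
    return {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }


def fetch_access_token(client_id: str, client_secret: str) -> str:
    """Perform the grant against Keycloak (needs network access, so not exercised offline)."""
    form = build_client_credentials_request(client_id, client_secret)
    req = urllib.request.Request(TOKEN_URL, data=urllib.parse.urlencode(form).encode(), method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]


def authorize_service_token(claims: dict, allowed_clients: set, audience: str, now=None) -> bool:
    """Checks the public API applies to the already signature-verified bearer JWT.

    Keycloak puts the calling client's id in `azp`; the API keeps its own allow-list
    of external clients rather than accepting every token the realm issues. `aud`
    only contains the API's client id if an audience mapper is configured in Keycloak.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER or claims.get("typ") != "Bearer":
        return False
    if claims.get("exp", 0) <= now:
        return False
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    return audience in aud and claims.get("azp") in allowed_clients


# Constructed sample claims shaped like a Keycloak service-account access token.
SAMPLE_CLAIMS = {
    "iss": ISSUER,
    "typ": "Bearer",
    "azp": "partner-app",
    "aud": ["public-api"],
    "exp": 2_000_000_000,
    "preferred_username": "service-account-partner-app",
}
```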