diff --git a/server/handlers.go b/server/handlers.go index 6578a12e47..2e6bc08300 100755 --- a/server/handlers.go +++ b/server/handlers.go @@ -1029,7 +1029,13 @@ func (s *Server) handleClientCredentialsGrant(w http.ResponseWriter, r *http.Req claims := storage.Claims{UserID: client.ID} - accessToken := storage.NewID() + accessToken, err := s.newAccessToken(client.ID, claims, scopes, nonce, "client") + if err != nil { + s.logger.Errorf("failed to create new access token: %v", err) + s.tokenErrHelper(w, errServerError, err.Error(), http.StatusInternalServerError) + return + } + idToken, expiry, err := s.newIDToken(client.ID, claims, scopes, nonce, accessToken, "", "client") if err != nil { s.tokenErrHelper(w, errServerError, fmt.Sprintf("failed to create ID token: %v", err), http.StatusInternalServerError) diff --git a/server/server.go b/server/server.go index 6b653fdbce..a03fa47ebf 100755 --- a/server/server.go +++ b/server/server.go @@ -223,7 +223,12 @@ func newServer(ctx context.Context, c Config, rotationStrategy rotationStrategy) supportedRes[respType] = true } - supportedGrant := []string{grantTypeAuthorizationCode, grantTypeRefreshToken, grantTypeDeviceCode} // default + supportedGrant := []string{ + grantTypeAuthorizationCode, + grantTypeRefreshToken, + grantTypeDeviceCode, + grantTypeClientCredentials, + } // default if c.PasswordConnector != "" { supportedGrant = append(supportedGrant, grantTypePassword) }