When a web application needs to access an OAuth-secured API, it can use the OAuth authorization code flow (aka 3-legged OAuth or 3LO) to obtain access tokens and call the API on the user’s behalf. That’s great for scenarios where an end user is involved, but rarely applicable to unattended applications such as Windows services. When an unattended application needs to obtain OAuth credentials for itself, we have to use the client credentials flow and let the application provide some sor...