I was able to implement the client credentials grant flow to restrict access to my API in GAE. It was relatively straightforward, it works well, but it doesn’t seem like the origin URLs setting of the client is respected in this flow. How do I tie a client ID to a specific URL, so that requests for the access token coming from other URLs are denied?
This is not relevant for client credentials grant. There is no user interaction in my authentication flow.
Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?