I see many examples where public APIs use the client_credentials flow. I am just wondering how this might be useful when I want to know the identity of the user. This flow involves no end user, so there is no user information available.
For example, a customer of mine wants to access my API via a shell script. He's using the client_credentials flow. But at the API endpoint all I can say is: okay, the access token is valid, but I don't know WHO the caller is without maintaining a separate list from CLIENT_ID to the customer.
1. How is this done in practice?
2. Does that mean I would need a separate CLIENT for each customer? What if I have a million customers?
3. How can my API run in the context of the user without having identity information?