This is one the simplest grant to implement. The client application sends credentials (the client's service account), along with client_ID and client_secret, to the authorization server. If the supplied values are valid, the authorization server sends the Access Token, which can be used to get access to the secured resources.