Use Authorization Code when the agent acts for a user and must inherit that user’s permissions. Use Client Credentials when the agent acts as a system identity for machine-to-machine work. The decision should follow the identity being governed, not the engineering team’s preferred integration pattern.
Why This Matters for Security Teams
The choice between Authorization Code and Client Credentials is not just an OAuth implementation detail. It determines whether the organisation is governing a user-bound delegated session or a machine-bound workload identity. That difference changes auditability, approval paths, token lifetime, and blast radius. Current guidance from the OWASP Non-Human Identity Top 10 and NIST’s identity guidance makes the same core point: identity must match the actor and the risk, not the convenience of the integration pattern.
This matters because teams often misclassify a workload as a user workflow, or vice versa, and then compensate with broad scopes and long-lived refresh tokens. That creates hidden privilege, weak attribution, and hard-to-detect abuse when an app or agent is compromised. The Ultimate Guide to NHIs — Static vs Dynamic Secrets is a useful reminder that static credentials and loosely governed tokens do not age well in production. In practice, many security teams encounter privilege misuse only after a token has already been reused outside its intended flow, rather than through intentional design review.
How It Works in Practice
authorization code flow is the right fit when an application, agent, or automation is acting on behalf of a human user and must inherit that user’s consent and permissions. The user authenticates, the system receives an authorization code, and the token exchange produces access tokens tied to that delegated context. Client Credentials is different: the application presents its own client identity to obtain tokens for machine-to-machine work, with no user present and no user consent step. In other words, Authorization Code governs delegated access; Client Credentials governs workload access.
For security teams, the operational decision should start with four questions: who is the subject of the action, whether the action is user-driven or autonomous, whether the target API expects delegation, and whether the workload needs its own service identity. When the answer is “user present,” Authorization Code is usually the safer path because scopes and consent can be tied to that user session. When the answer is “system to system,” Client Credentials is usually cleaner because it avoids pretending a service is a person.
- Use Authorization Code when the actor must inherit user permissions and auditing must point back to that user.
- Use Client Credentials when the actor is a service, daemon, or agent with its own workload identity.
- Prefer short-lived tokens and narrow scopes in both cases, especially for non-human identities.
- Review whether the integration needs NIST SP 800-53 Rev 5 Security and Privacy Controls controls for access enforcement, logging, and revocation.
For organisations dealing with OAuth sprawl, the risk is not theoretical. NHIMG’s coverage of the Salesloft OAuth token breach shows how OAuth artifacts can become a path to data access when token scope and governance are weak. These controls tend to break down when a single integration mixes human delegation and backend automation in the same token path because attribution and least privilege become ambiguous.
Common Variations and Edge Cases
Tighter OAuth scoping often increases integration complexity, requiring organisations to balance developer convenience against identity precision. Best practice is evolving, but there is no universal standard for every mixed workflow yet, especially in platforms that combine human approval, background jobs, and autonomous agents.
One common edge case is “user initiated, system completed.” If a user starts a workflow but a backend service finishes it later, the organisation may need both flows: Authorization Code for the user-facing step and Client Credentials for the asynchronous processing step. Another case is shared API access across many tenants or environments, where Client Credentials may be appropriate but must be paired with strong workload identity and strict audience restrictions. For agents and automated workflows, the question should not be “which OAuth flow is easiest?” but “which identity is being governed at the point of action?”
NHIMG’s Guide to the Secret Sprawl Challenge is relevant here because token misuse often travels with secret sprawl, especially when teams reuse service credentials across multiple applications. NIST’s NIST SP 800-63 Digital Identity Guidelines also reinforces that assurance and identity binding should match the subject being authenticated. Organisations should treat mixed-mode OAuth designs as a governance exception, not a default pattern.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | OAuth flow choice depends on whether the identity is human-delegated or machine-bound. |
| OWASP Agentic AI Top 10 | A-03 | Agents often mix delegated and autonomous actions, creating OAuth selection risk. |
| CSA MAESTRO | IAM-1 | MAESTRO addresses identity and access governance for agentic and workload access. |
| NIST AI RMF | AI risk management requires clear accountability for autonomous and delegated actions. | |
| NIST CSF 2.0 | PR.AC-4 | Access permissions should reflect least privilege for the actual identity type. |
Bind agent actions to the correct runtime identity and avoid reusing user tokens for autonomous execution.