Client
A client represents service-to-service credentials for machine authentication. Clients allow backend services to authenticate with Auth and access APIs without a user present.
How It Works
A client is issued a `client_id` and a `client_secret`. It sends them to the token endpoint, either as an `Authorization: Basic base64(client_id:client_secret)` header or as form fields, and receives a JWT in return. This is the standard OAuth 2.1 client credentials grant.
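The token request described above, built with HTTP Basic client authentication. This is an added example, not code from the Samna documentation. The endpoint URL and the sample credentials are placeholders, and it assumes the server decodes the header per RFC 6749 section 2.3.1 and returns the JWT in the standard `access_token` field.

```python
import base64
import json
import urllib.request
from urllib.parse import quote_plus, urlencode, urlsplit

# Placeholder: the page does not give the token endpoint URL.
TOKEN_URL = "https://auth.example.invalid/oauth/token"


def basic_credentials(client_id, client_secret):
    """Authorization header value for HTTP Basic client authentication.

    RFC 6749 section 2.3.1: form-urlencode each part before joining, so a
    ':' or non-ASCII character in either value cannot break the id:secret split.
    """
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii")


def build_token_request(client_id, client_secret, token_url=TOKEN_URL):
    """Return an unsent client_credentials token request."""
    # Basic auth is encoding, not encryption: refuse cleartext transports.
    if urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use https")
    return urllib.request.Request(
        token_url,
        data=urlencode({"grant_type": "client_credentials"}).encode("ascii"),
        method="POST",
        headers={
            "Authorization": basic_credentials(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def fetch_token(request, timeout=10):
    """Send the request; assumes a standard OAuth JSON token response."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return json.load(resp)["access_token"]


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    req = build_token_request("sync-service", "s3cr:et +x")
    print(req.get_method(), req.full_url)
    print(req.get_header("Authorization"))
```

If the server compares the Basic credentials without URL-decoding them, secrets restricted to unreserved characters (letters, digits, `-`, `.`, `_`, `~`) encode identically either way.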
Properties
| Property | Purpose |
|---|---|
| Name | Identifier for the service |
| Secret hash | Hashed client secret for authentication |
| Expiration | Optional expiry date for the credentials |
| User | The system user identity associated with this client |
Use Cases
| Scenario | Example |
|---|---|
| Service communication | Bookable Server calling Auth to validate claims |
| Background jobs | Sync Service fetching user data without a logged-in user |
| External integrations | Third-party services accessing the Samna API |
Security
Client secrets are stored as hashes and never returned in plain text after creation. Clients can have optional expiration dates to enforce credential rotation. Each client is associated with a system user identity so that its actions are tracked in the audit log.