OIDC and id tokens with the client_credentials grant?

[opobla]

Hello!

I am trying to use the client_credentials grant to authenticate apps so they can call the endpoints of other resource servers implemented with the Django REST framework.

As far as I understand, the token obtained at the /token endpoint of the authorization server is of the opaque type. This token is passed as a bearer token in the Authorization header of the requests made to the resource server. The resource server, in turn, calls the /introspection endpoint of the authorization server to validate that the token is still valid.

Instead of using the introspection endpoint with these opaque tokens, I would like to switch to JWT ID tokens, whose validity could be checked using their RS256 signature. I would also like to leverage the OIDC discovery mechanism to find the issuer's key.

In summary, what I think I need is the OIDC client_credentials grant. However, from the docs (https://django-oauth-toolkit.readthedocs.io/en/latest/oidc.html#openid-connect-support), it seems it is not supported. So my question is: how could I implement this flow and obtain a JWT ID token using the client credentials grant?

Thanks a lot for your help!