I have to communicate through REST two internal applications, I don't need to use user credentials. Is it possible to authenticate using only cliend_id and client_secret keys?
If this is not possible with OAuth
Thanks in advance to all
Is it possible to authenticate using only cliend_id and client_secret keys?
No. The Client ID and Client Secret only identify the project/account. They do not identify a user or an identity.
The Client ID is public. The Client Secret must be secret. If you sent the Client Secret to the other service, it would no longer be secret. However, the Client Secret could be used as a secret key if both sides are controlled by you and secure. However, in that case, you could just generate a secret key with a random number generator and not bother with OAuth client secrets.
For service-to-service authorization, you will typically use a Signed JWT that is included in the HTTP authorization: bearer header.
There are many techniques including secret keys, encrypting data, etc. The selection of technique depends on information not included in your question such as processor performance, security details, desired architecture, key rotation, public/private key availability, etc.