There's more...

This grant type is supposed to be used by applications that do not access resources on behalf of any Resource Owner, but for their own purposes. It has been adopted for the current ecosystem of microservices, because it's easy to rotate access tokens by using refresh tokens and it's also easy to use the dynamic registration process, automating all the process when integrating services. It does not need to be only interactions between microservices, but also include with third-party applications despite the fact of issuing an access token manually for any given client (it depends on the scenario of course, because if you have too much clients it would be impossible to manage client registration manually).

Regarding the fact of many small services talking to each other in such a way that we have many access token validations, it's important to consider the strategy used for token validation because such an approach might be faced by performance issues. Take a look at the final recipe in this chapter to learn how to create a load testing application, using Gatling to measure the response times when validating access tokens.