I get the client credential flow but how does the client get initially identified or authenticated for the first time of accessing the protected resource?
If it was a
