I'm attempting to access some CLM resources for monitoring from an external web application.  I have JAS successfully configured and am wondering what the best way is to authenticate.  Here's what I did:

1)  Registered a new client with mkclient -u user:password.  I did this because I don't know the client secret for the RM application I'm trying to access, and changing the secret through the rm/admin -> Advanced Properties seemed to break the application.
2)  Noted the client ID and secret
3)  Encoded the client:secret in Base64
4)  POST to https://localhost:9643/oidc/endpoint/jazzop/token?grant_type=client_credentials  with the following headers:

Authorization: Basic <encoded client:secret>
Scope: general

The response from the server is:

{"error":"unsupported_grant_type","error_description":"CWOAU0025E: The grant_type parameter was invalid: client_credentials"}

The JSA log has this:

[9/6/16 19:08:06:597 EDT] 00000a13 com.ibm.ws.security.oauth20.web.ClientAuthentication         E CWOAU0038E: The client could not be verified. Either the client ID: null or client secret is incorrect.

I wonder if client_credentials is even the best method or not, given I'm not sure what resources I'd be able to access with the client I created using the mkclient utility. 

Is there a better way of authenticating from an external web application, perhaps using the "password" grant type?  Any information that could be provided on this would be helpful.  Thanks,