We currently use Cognito user pools for traditional web application authentication and considering client credentials grant flow to provide external companies access to our APIs.

My understanding is we will have to create app clients for third parties and provide them with id and secret so they can request access tokens.

I wanted to confirm if this is an appropriate use case? And its not just for internal apps to communicate with each other? Also, is it advisable to share the token endpoints or provide some sort of proxy to that?