Overview#

The Resource Owner Password Credentials Grant can be used directly as an Authorization Grant to obtain an Access Token.

The credentials should only be used when there is a high degree of trust between the Resource Owner and the OAuth Client (e.g., the client is part of the device operating system or a highly privileged application), and when other authorization Grant Types are not available.

Even though this Grant Type requires direct OAuth Client access to the Resource Owner credentials, the Resource Owner credentials are used for a single request and are exchanged for an Access Token. This Grant Type can eliminate the need for the client to store the Resource Owner credentials for future use, by exchanging the credentials with a long-lived Access Token or Refresh Token.[1]

Resource Owner Password Credentials Grant is typically used to convert legacy systems to OAuth 2.0 and is no more secure than the Basic Authentication Scheme.

Resource Owner Password Credentials Grant is intended to be used when no other Grant Types are available and ONLY when there is a high degree of trust between the Resource Owner and the OAuth Client.

Features#

Token_endpoint#

The OAuth Client sends the request to the token_endpoint of the Authorization Server and includes:

A successful response contains an Access Token and Refresh Token.
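The token request this section describes, as an added example that is not part of the original page: it builds the RFC 6749 section 4.3.2 form body (`grant_type=password`, `username`, `password`, optional `scope`), sends it once, and keeps only the returned tokens. The client id and secret, the sample credentials, and the offline stand-in for the Authorization Server are constructed assumptions.

```python
import base64
import json
from urllib.parse import urlencode, quote_plus, parse_qs

def build_token_request(username, password, client_id, client_secret, scope=None):
    """Headers and form body of an RFC 6749 section 4.3.2 token request."""
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope
    # A confidential client authenticates with HTTP Basic (RFC 6749 section 2.3.1).
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
    }
    return headers, urlencode(form)

def parse_token_response(status, body):
    """Return only the token fields the client keeps; raise on error responses."""
    data = json.loads(body)
    if status != 200:
        # RFC 6749 section 5.2 error, e.g. invalid_grant for bad credentials.
        raise PermissionError(data.get("error", "invalid_response"))
    if not data.get("access_token") or str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("response lacks a usable bearer access_token")
    keep = ("access_token", "token_type", "expires_in", "refresh_token")
    return {k: data[k] for k in keep if k in data}

def exchange(username, password, send):
    """The password goes into a single request; only tokens are returned for storage."""
    # demo-client / demo-secret are constructed placeholder client credentials.
    headers, body = build_token_request(username, password, "demo-client", "demo-secret")
    status, raw = send(headers, body)
    return parse_token_response(status, raw)

def fake_authorization_server(headers, body):
    """Constructed stand-in for the token_endpoint so the example runs offline."""
    form = parse_qs(body)
    ok = form.get("grant_type") == ["password"] and form.get("password") == ["p@ss w0rd&x"]
    if not ok:
        return 400, json.dumps({"error": "invalid_grant"})
    return 200, json.dumps({"access_token": "constructed-access-token", "token_type": "Bearer",
                            "expires_in": 3600, "refresh_token": "constructed-refresh-token"})

if __name__ == "__main__":
    print(exchange("alice", "p@ss w0rd&x", fake_authorization_server))
```

In a real deployment `send` would be an HTTPS POST to the token_endpoint, and the client would discard the password as soon as `exchange` returns.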

This page (revision-9) was last changed on 16-Nov-2017 00:26 by jim