This page is about the authentication via the password credentials (ie login+password) in OAuth.
This type of authentication is known in Oauth as:
The resource owner password credentials is:
This sequence is adapted for the password flow but will work for all other direct flow that ask for any other type of credentials.
The Flow has a Sequence Diagram:
where:
The credentials should only be used when:
Even though this grant type requires direct client access to the resource owner credentials, the resource owner credentials are used for a single request and are exchanged for an access token.
This grant type can eliminate the need for the client to store the resource owner credentials for future use, by exchanging the credentials with a long-lived access token or refresh token.