OAuth - Resource Owner Password Credentials

1 - About

password credentials (ie login+password in OAuth.

Resource owner password credentials is a OAuth grant type flow

The resource owner password credentials can be used directly as an authorization grant to obtain an access token.

3 - Pros and cons

The credentials should only be used when:

  • there is a high degree of trust between the resource owner and the client (e.g., the client is part of the device operating system or a highly privileged application)
  • other authorization grant types are not available (such as an authorization code).

Even though this grant type requires direct client access to the resource owner credentials, the resource owner credentials are used for a single request and are exchanged for an access token.

This grant type can eliminate the need for the client to store the resource owner credentials for future use, by exchanging the credentials with a long-lived access token or refresh token.

4 - Documentation / Reference

Data Science
Data Analysis
Data Science
Linear Algebra Mathematics

Powered by ComboStrap