OAuth - Resource Owner Password Credentials
About
Resource owner password credentials (i.e. login + password) is an OAuth grant type (flow).
The resource owner password credentials can be used directly as an authorization grant to obtain an access token.
Pros and cons
The credentials should only be used when:
- there is a high degree of trust between the resource owner and the client (e.g., the client is part of the device operating system or a highly privileged application)
- other authorization grant types are not available (such as an authorization code).
Even though this grant type requires direct client access to the resource owner credentials, the resource owner credentials are used for a single request and are exchanged for an access token.
This grant type can eliminate the need for the client to store the resource owner credentials for future use, by exchanging the credentials for a long-lived access token or refresh token.
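The single request described above, as an added example that is not part of the original page: it builds the RFC 6749 section 4.3.2 token request and keeps only the returned tokens, never the password. The endpoint URL, the client id and secret, the user credentials and the fake_send stand-in for the authorization server are constructed assumptions.

```python
import base64
import json
from urllib.parse import parse_qs, quote_plus, urlencode
from urllib.request import Request

TOKEN_URL = "https://auth.example.com/oauth/token"  # assumed placeholder endpoint


def build_token_request(client_id, client_secret, username, password, scope=None):
    """Build the RFC 6749 section 4.3.2 token request; nothing is sent here."""
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope
    # Client authentication via HTTP Basic (RFC 6749 section 2.3.1).
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return Request(TOKEN_URL, data=urlencode(form).encode(), headers=headers, method="POST")


def parse_token_response(body):
    """Return only the tokens from a section 5.1 response; raise on a 5.2 error."""
    doc = json.loads(body)
    if "error" in doc:
        raise PermissionError(doc["error"])
    if not doc.get("access_token") or not doc.get("token_type"):
        raise ValueError("token response lacks access_token or token_type")
    keep = ("access_token", "token_type", "expires_in", "refresh_token")
    return {k: doc[k] for k in keep if k in doc}


def login(username, password, send):
    """Use the password for one request, then keep only the returned tokens."""
    request = build_token_request("demo-client", "demo-secret", username, password, "read")
    return parse_token_response(send(request))


def fake_send(request):
    """Constructed stand-in for the authorization server, so the example runs offline."""
    form = parse_qs(request.data.decode())
    if form["grant_type"] != ["password"] or form["password"] != ["s3cret pass"]:
        return b'{"error": "invalid_grant"}'
    return (b'{"access_token": "constructed-at", "token_type": "Bearer", '
            b'"expires_in": 3600, "refresh_token": "constructed-rt"}')


if __name__ == "__main__":
    print(login("alice", "s3cret pass", fake_send))
```

In a real client, send would POST the request to the token endpoint over TLS and return the response body.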