OAuth - Resource Owner Password Credentials

OAuth - Resource Owner Password Credentials

About

password credentials (ie login+password in OAuth.

Resource owner password credentials is a OAuth grant type flow

The resource owner password credentials can be used directly as an authorization grant to obtain an access token.

Articles Related

Pros and cons

The credentials should only be used when:

there is a high degree of trust between the resource owner and the client (e.g., the client is part of the device operating system or a highly privileged application)
other authorization grant types are not available (such as an authorization code).

Even though this grant type requires direct client access to the resource owner credentials, the resource owner credentials are used for a single request and are exchanged for an access token.

This grant type can eliminate the need for the client to store the resource owner credentials for future use, by exchanging the credentials with a long-lived access token or refresh token.

Documentation / Reference

https://tools.ietf.org/html/rfc6749#section-1.3.3

Recommended Pages

Oauth - Authorization Grant (Resource Owner Authorization|Authorization Credentials)

Oauth - Authorization Grant (Resource Owner Authorization|Authorization Credentials) About An Authorization Grant is a credential representing the resource owner's authorization to access its protec "...

Oauth - Flow (Abstract Protocol Flow)

The abstract OAuth 2.0 flow describes the interaction between the four roles. Type For each type of grant, you got a flow: Authorization Code Resource Owner Password Credentials Implicit Client Cr "...

Security - (Identity+Authenticator=Credential)

Identity is typically an account’s user name such as: the Security Accounts Manager (SAM) account name or the User Principal Name (UPN). To prove their identity, a secret information called the a "...

Share this page: