OAuth - Resource Owner Password Credentials / Password Credentials Flow

About

This page covers authentication with password credentials (i.e. login and password) in OAuth.

This type of authentication is known in OAuth as:

  • the Password Credentials Flow
  • the Resource Owner Password Credentials grant type

The resource owner password credentials is:

Sequence

This sequence is adapted for the password flow but also works for any other direct flow that asks for another type of credentials.

The Flow has a Sequence Diagram:

sequenceDiagram
    participant Cli as Client (App)
    participant RO as Resource Owner (User)
    participant AS as Authorization Server
    participant RS as Resource Server
    Cli->>RO: (A) Send an Authorization Request (Present a login form)
    RO->>Cli: (B) Get an Authorization Grant (Get the login/password)
    Cli->>AS: (C) Send the Authorization Grant
    AS->>Cli: (D) Get an Access Token
    Cli->>RS: (E) Send the Access Token
    RS->>Cli: (F) Get the Protected Resource

where:

Pros and cons

The credentials should only be used when:

Even though this grant type requires direct client access to the resource owner credentials, the resource owner credentials are used for a single request and are exchanged for an access token.

This grant type can eliminate the need for the client to store the resource owner credentials for future use, by exchanging the credentials with a long-lived access token or refresh token.
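
Steps (C) and (D) of the sequence, as an added example that is not code from the original page: the client sends the credentials once in the token request and afterwards keeps only the tokens. Parameter names follow RFC 6749 section 4.3; the endpoint URL, client id and secret, and the function and class names are assumptions made for the illustration.

```python
import base64
import json
import time
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Optional


@dataclass
class TokenSet:
    """All the client keeps after the exchange: tokens, never the password."""
    access_token: str
    token_type: str
    expires_at: Optional[float]
    refresh_token: Optional[str]


class TokenError(Exception):
    """Raised with the server's `error` code, e.g. invalid_grant."""


def build_token_request(token_url, client_id, client_secret, username, password, scope=None):
    """Step (C): the single POST that carries the resource owner's credentials."""
    if not token_url.startswith("https://"):
        raise ValueError("token endpoint must use TLS: the password travels in the body")
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope
    # Confidential client authenticates with HTTP Basic (id and secret form-encoded first).
    pair = f"{urllib.parse.quote_plus(client_id)}:{urllib.parse.quote_plus(client_secret)}"
    return urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode(form).encode("utf-8"),
        headers={"Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def parse_token_response(status, body, now=None):
    """Step (D): turn the server's JSON answer into a TokenSet, or raise TokenError."""
    doc = json.loads(body)
    if status != 200 or "error" in doc:
        raise TokenError(doc.get("error", "unexpected_response"))
    if "access_token" not in doc or "token_type" not in doc:
        raise TokenError("missing access_token or token_type")
    now = time.time() if now is None else now
    expires_at = now + int(doc["expires_in"]) if "expires_in" in doc else None
    return TokenSet(doc["access_token"], doc["token_type"], expires_at, doc.get("refresh_token"))
```

The request object is only built here, not sent; passing it to `urllib.request.urlopen` and feeding the status and body to `parse_token_response` completes the exchange.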
