OAuth - Resource Owner Password Credentials


1 - About

Password credentials (i.e. login + password) in OAuth.

Resource owner password credentials is an OAuth grant type.

The resource owner password credentials can be used directly as an authorization grant to obtain an access token.


3 - Pros and cons

The credentials should only be used when:

Even though this grant type requires direct client access to the resource owner credentials, the resource owner credentials are used for a single request and are exchanged for an access token.

This grant type can eliminate the need for the client to store the resource owner credentials for future use, by exchanging the credentials with a long-lived access token or refresh token.
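The exchange described above, sketched as an added example (not code from this page or from any OAuth library): the client sends the credentials in one token request and keeps only the returned tokens. The client id, secret, user account and in-process `token_endpoint` are constructed stand-ins for a real HTTPS call; parameter names and error codes follow RFC 6749 section 4.3.

```python
import base64, hmac, json, secrets
from urllib.parse import parse_qs, urlencode

# Constructed sample data: one registered client and one resource owner.
CLIENTS = {"demo-client": "demo-client-secret"}
USERS = {"alice": "correct horse battery staple"}

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def build_token_request(client_id, client_secret, username, password):
    """Client: form-encoded body plus HTTP Basic client authentication."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "password",
                      "username": username, "password": password})
    return headers, body

def token_endpoint(headers, body):
    """Toy authorization server: returns (HTTP status, JSON body)."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    client_id, _, secret = base64.b64decode(value).decode().partition(":")
    if scheme != "Basic" or client_id not in CLIENTS or not same(CLIENTS[client_id], secret):
        return 401, json.dumps({"error": "invalid_client"})
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != "password":
        return 400, json.dumps({"error": "unsupported_grant_type"})
    user, pw = form.get("username", ""), form.get("password", "")
    if user not in USERS or not same(USERS[user], pw):
        return 400, json.dumps({"error": "invalid_grant"})
    return 200, json.dumps({"access_token": secrets.token_urlsafe(32),
                            "token_type": "Bearer", "expires_in": 3600,
                            "refresh_token": secrets.token_urlsafe(32)})

def login(username, password):
    """Use the password for one request only and keep just the tokens."""
    headers, body = build_token_request(
        "demo-client", CLIENTS["demo-client"], username, password)
    status, payload = token_endpoint(headers, body)  # stands in for an HTTPS POST
    if status != 200:
        raise PermissionError(json.loads(payload)["error"])
    tokens = json.loads(payload)
    return {k: tokens[k] for k in ("access_token", "refresh_token")}
```

The dictionary returned by `login` is the only thing the client needs to persist; the password never leaves the function's local scope.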

4 - Documentation / Reference

security/auth/oauth/password.txt · Last modified: 2019/04/25 16:15 by gerardnico