Resource Owner Password Grant

May 28, 2024 | seedling, permanent

tags :

Grant Types or OAuth flow in OAuth2

Description

  • Involves the client receiving the user’s credentials to obtain an access token.
  • The user enters their username and password in the application, instead of at the IdP or authorization server.
  • Earlier, almost a decade ago, this was common:
    • IM aggregators
    • fintech PFM aggregators

Use Cases

  • Legacy systems
  • Trusted clients

Security

  • Less secure, risks credential exposure and phishing attacks.
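
The sketch below is an added example, not part of the original note: it builds the token request this grant uses (RFC 6749 section 4.3.2), showing that the client handles the raw password, and gates the grant to allow-listed legacy clients on the authorization-server side. The client IDs, the allow-list, the function names and the use of a client_id form parameter (rather than HTTP Basic client authentication) are assumptions for illustration.

```python
from urllib.parse import parse_qs, urlencode

# Assumption: only these first-party legacy clients may use the password grant.
PASSWORD_GRANT_CLIENTS = {"legacy-desktop-app"}


def build_password_grant_body(client_id, username, password, scope=None):
    """Form body a client sends to the token endpoint (RFC 6749 section 4.3.2).
    The client, not the IdP, sees the user's raw password here."""
    params = {"grant_type": "password", "client_id": client_id,
              "username": username, "password": password}
    if scope:
        params["scope"] = scope
    return urlencode(params)


def evaluate_token_request(body, allowed=PASSWORD_GRANT_CLIENTS):
    """Return (allowed, oauth_error) for a form-encoded token request."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if form.get("grant_type") != "password":
        return True, None  # other grant types are outside this check
    if not form.get("username") or not form.get("password"):
        return False, "invalid_request"  # required parameter missing
    if form.get("client_id") not in allowed:
        return False, "unauthorized_client"  # client may not use this grant
    return True, None


def redact_for_log(body):
    """Mask the password so the credential never reaches token-endpoint logs."""
    pairs = parse_qs(body, keep_blank_values=True)
    if "password" in pairs:
        pairs["password"] = ["[REDACTED]"]
    return urlencode(pairs, doseq=True)


if __name__ == "__main__":
    # Constructed sample requests: one allow-listed client, one aggregator-style client.
    for cid in ("legacy-desktop-app", "im-aggregator"):
        req = build_password_grant_body(cid, "alice", "correct-horse", "profile")
        print(cid, evaluate_token_request(req), redact_for_log(req))
```
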

