Step-by-Step Workflow of the Resource Owner Password Credentials Grant

The resource owner password credentials grant exchanges a user's user name and password directly for an access token.

When using the resource owner password credentials grant, the user provides the credentials (user name and password) directly to the application. The application then uses the credentials to obtain an access token from the service. Because the application sees the user's password in clear text, RFC 6749 restricts this grant to clients the user trusts highly and to cases where no redirection-based grant is viable, and it requires the client to discard the password as soon as the access token has been obtained; the OAuth 2.0 Security Best Current Practice (RFC 9700) states that this grant must not be used at all in new deployments.

Workflow of Resource Owner Password Credentials Grant

  1. Obtain user credentials: The user provides the credentials to the application. The user credentials are the resource owner’s user name and password.

  2. Request an access token: The user credentials are exchanged for an access token. The client application makes a request to the authorization server and includes the user's credentials and either the client credentials or a client assertion. The client application can use an already-generated client assertion or build a new assertion.

    An access token can be obtained in several scenarios of the resource owner password credentials workflow:

  3. Receive an access token from the authorization server: The authorization server authenticates the client based on the client identifier and secret (or the client assertion), determines whether the client is authorized to use this grant, checks that the required parameters are present, and authenticates the resource owner with the supplied user name and password. If every check succeeds, the authorization server returns an access token in the response. This is described in Successful Authorization.

    If the request fails for any reason, the authorization server returns a response containing information about the error. The same error is returned for an unknown user name and for a wrong password, so that the response does not reveal which accounts exist. This is described in Authorization Error.

  4. Use the access token to make a service request: The OAuth client makes a REST API call to the resource server, presenting the access token, to access the protected resource.

  5. Send a response: The resource server validates the access token and sends a response to the service request.

  6. Grant access to the resource: The end user or service gets access to the protected resource.
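The six steps above, carried out end to end as an added example that is not code from the original page or from any particular identity service. It simulates the three parties in one process: the client builds the token request of step 2 (RFC 6749 section 4.3.2, client authenticated with HTTP Basic), the authorization server's token endpoint performs the checks of step 3 and returns either a token or an RFC 6749 section 5.2 error, and the resource server of steps 4 to 6 validates the bearer token before serving the resource. The client registration, the user record, the in-memory token table that stands in for token introspection, and every name such as `app-client` and `alice` are constructed for this example and are not real credentials or identifiers.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

# --- Constructed sample state (assumption: one registered client, one user) ---
CLIENTS = {"app-client": {"secret": b"app-secret", "grants": {"password"}}}
_SALT = b"constructed-salt"


def _pw_hash(password: str, salt: bytes) -> bytes:
    """Password hashing stand-in; a real server uses its existing password store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": _pw_hash("correct horse battery staple", _SALT)}
_DUMMY_HASH = _pw_hash("", _SALT)  # used so unknown users cost the same time as known ones
TOKENS: dict[str, dict] = {}  # issued access token -> claims; stands in for introspection


def build_token_request(client_id, client_secret, username, password, scope=None):
    """Step 2: the client exchanges the user's credentials for a token request.
    The password goes straight into the request body and is not kept anywhere."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = {"grant_type": "password", "username": username, "password": password}
    if scope:
        body["scope"] = scope
    return headers, urlencode(body)


def _error(code: str, status: int = 400):
    return status, {"error": code}


def token_endpoint(headers, body):
    """Step 3: the authorization server authenticates the client, then the
    resource owner, and returns (status, json_body)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Basic "):
        return _error("invalid_client", 401)
    try:
        client_id, _, client_secret = base64.b64decode(auth[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return _error("invalid_client", 401)
    client = CLIENTS.get(client_id)
    if client is None or not hmac.compare_digest(client["secret"], client_secret.encode()):
        return _error("invalid_client", 401)
    if "password" not in client["grants"]:
        return _error("unauthorized_client")  # client not allowed to use this grant

    params = {k: v[0] for k, v in parse_qs(body).items()}
    if params.get("grant_type") != "password":
        return _error("unsupported_grant_type")
    username, password = params.get("username"), params.get("password")
    if not username or not password:
        return _error("invalid_request")  # required parameter missing

    # Resource owner authentication. The hash is always computed and compared in
    # constant time, and an unknown user yields the same error as a wrong password.
    stored = USERS.get(username, _DUMMY_HASH)
    ok = hmac.compare_digest(stored, _pw_hash(password, _SALT)) and username in USERS
    if not ok:
        return _error("invalid_grant")

    token = secrets.token_urlsafe(32)
    TOKENS[token] = {"sub": username, "scope": params.get("scope", "")}
    return 200, {"access_token": token, "token_type": "Bearer", "expires_in": 3600}


def resource_endpoint(headers):
    """Steps 4-6: the resource server validates the bearer token and, if it is
    known, serves the protected resource to its owner."""
    auth = headers.get("Authorization", "")
    claims = TOKENS.get(auth[7:]) if auth.startswith("Bearer ") else None
    if claims is None:
        return 401, {"error": "invalid_token"}
    return 200, {"owner": claims["sub"], "scope": claims["scope"], "data": "protected resource"}


def run_flow(username, password, scope="profile"):
    """Whole workflow: steps 1-2 on the client, 3 on the authorization server,
    4-6 against the resource server. Returns the two (status, body) pairs."""
    token_status, token_body = token_endpoint(
        *build_token_request("app-client", "app-secret", username, password, scope))
    if token_status != 200:
        return (token_status, token_body), None
    resource = resource_endpoint({"Authorization": f"Bearer {token_body['access_token']}"})
    return (token_status, token_body), resource


if __name__ == "__main__":
    print(run_flow("alice", "correct horse battery staple"))
    print(run_flow("alice", "wrong password"))
```

The `TOKENS` dictionary is shared between the token endpoint and the resource endpoint only because both run in one process; in a deployment the resource server would verify a signed token or call the authorization server's introspection endpoint instead.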