Resource Owner Password Credentials Grant Type
Use this grant type when the resource owner has a trust relationship with the client, such as a computer operating system or a highly privileged application, because the client must discard the password after using it to obtain the access token.
The following diagram displays the Resource Owner Password Credentials Grant Type flow.
![A diagram that illustrates the Resource Owner Password Credentials Grant Type flow.](images/diag2_owner_pass_creds_granttype.png)
In this OAuth flow:
- The user clicks a link in the client application requesting access to protected resources.
- The client application requests the resource owner's user name and password.
- The user logs in with their user name and password.
- The client application exchanges those credentials for an access token, and often a refresh token, from the Oracle Identity Cloud Service Authorization Server.
- Oracle Identity Cloud Service Authorization Server returns the access token to the client application.
- The client application uses the access token in an API call to obtain protected data, such as a list of users.
Function | Available |
---|---|
Requires client authentication | No |
Requires client to have knowledge of user credentials | Yes |
Browser-based end user interaction | No |
Can use an external Identity Provider for authentication | No |
Refresh token is allowed | Yes |
Access token is in the context of the end user | Yes |
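
The credential exchange, token response and API call described above, sketched in Python as an added example (not Oracle's code). The tenant host, token path, scope value and the `send` transport are assumptions; client authentication is omitted because the table lists it as not required.

```python
import json
import urllib.parse
import urllib.request

# Assumption: placeholder tenant host and token path, not taken from this page.
TOKEN_URL = "https://tenant.example.com/oauth2/v1/token"


def build_token_request(username, password, scope):
    """Form-encode the user's credentials as an RFC 6749 section 4.3.2 request."""
    form = {"grant_type": "password", "username": username,
            "password": password, "scope": scope}
    # urlencode percent-encodes '&', '=', '+' and spaces in the password,
    # so a password cannot split the body or inject extra form fields.
    body = urllib.parse.urlencode(form).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def parse_token_response(raw):
    """Keep only the tokens; reject error responses and non-bearer tokens."""
    doc = json.loads(raw)
    if "error" in doc:
        raise PermissionError(doc["error"])
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    return {"access_token": doc["access_token"],
            "refresh_token": doc.get("refresh_token")}


def exchange_password(username, password, scope, send):
    """Exchange credentials for tokens. `send` is a hypothetical transport
    (Request -> response bytes). Only the tokens are returned, so the caller
    has nothing to keep except them; the password is not stored or logged."""
    return parse_token_response(send(build_token_request(username, password, scope)))


def build_api_request(url, access_token):
    """Call the protected API with the bearer token instead of the password."""
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + access_token})


def urlopen_send(request):
    """Real transport for `send`; needs network access to the tenant."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return resp.read()
```
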
See an example Resource Owner Password Grant Type authorization flow.