Reference pages
Use these pages as reference documentation when implementing the password credentials grant flow in your application. Adapted from The OAuth 2.0 Authorization Framework specification [RFC 6749].
An overview of the resource owner password credentials grant
The steps are as follows:
- A: The user provides the client application with their username and password.
- B: The client requests an access token from the service provider's token endpoint using the credentials received from the user. During this step, the client application authenticates with the service provider as well.
- C: The service provider authenticates the client and validates the user credentials received, and if valid, issues an access token.
Authorization request and response
The method through which the client obtains the user's credentials is beyond the scope of the specification. Once an access token has been obtained, these credentials must then be discarded.
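Steps B and C above, together with the requirement to discard the user's credentials, as an added Python example that is not part of the original reference page. It builds the token request with the `grant_type=password` form parameters and HTTP Basic client authentication defined in RFC 6749 and parses a constructed response, without sending anything over the network. The function names, the `sp.example` endpoint, and all credential values are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode, urlsplit
from urllib.request import Request


def build_token_request(token_endpoint, client_id, client_secret,
                        username, password, scope=None):
    """Step B: build the POST to the token endpoint (hypothetical helper)."""
    if urlsplit(token_endpoint).scheme != "https":
        raise ValueError("token endpoint must use https")
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope
    # Client authentication via HTTP Basic: client_id and client_secret are
    # form-encoded first, then joined with ':' and base64-encoded.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    basic = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    return Request(
        token_endpoint,
        data=urlencode(form).encode("ascii"),  # credentials go in the body, never the URL
        method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_token_response(body):
    """Step C: return the token fields, or raise if the provider refused."""
    doc = json.loads(body)
    if "error" in doc:
        raise PermissionError(doc["error"])
    if not doc.get("access_token") or not doc.get("token_type"):
        raise ValueError("response lacks access_token or token_type")
    return doc


def demo():
    # Constructed sample values: not real credentials or a real service.
    username, password = "alice@example.com", "correct horse"  # step A
    req = build_token_request("https://sp.example/oauth/token",
                              "client-1", "s3cr:t", username, password, "read")
    sample_body = '{"access_token": "tok-123", "token_type": "bearer", "expires_in": 3600}'
    token = parse_token_response(sample_body)
    # Token obtained: drop every reference to the user's credentials. This
    # releases the names only; Python does not guarantee the memory is wiped.
    del username, password
    return req, token
```

In a real client the request would be sent with `urllib.request.urlopen(req)` and the response body passed to `parse_token_response`.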
Access token request
The client...