Using the Password grant type for client apps provided by the OAuth 2 server
Sometimes we develop native mobile applications that belong to the same solution as the server application. In this scenario, users present their credentials to the application in any case, and these are the same credentials used to authenticate the user at the server side. Instead of storing the user's credentials, our application can exchange them for an access token at the server side (which must be an OAuth 2.0 Provider). Although the access token is also sensitive, it can be kept in memory or protected with some kind of strategy such as a key chain. Access tokens are also easy to manage and can have a short life. This recipe shows how to use the Resource Owner Password Credentials grant type to allow the application to exchange user credentials for an OAuth 2.0 access token.
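The exchange described above, sketched as an added example that is not code from this recipe: it builds the token request defined in RFC 6749 section 4.3.2 and keeps only the returned access token, with its expiry, in memory. The client ID, client secret, scope, sample response and the 30-second expiry margin are constructed assumptions, and no network call is made.

```python
import base64
import json
import time
from urllib.parse import quote_plus, urlencode


def build_password_grant_request(client_id, client_secret, username, password, scope=None):
    """Return (headers, body) for an RFC 6749 section 4.3.2 token request."""
    params = {"grant_type": "password", "username": username, "password": password}
    if scope:
        params["scope"] = scope
    # Client credentials are form-encoded before Basic encoding (RFC 6749 section 2.3.1).
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode(params)


class InMemoryToken:
    """Holds the access token and its expiry; the user's password is never kept."""

    def __init__(self, token_response_json, now=None):
        data = json.loads(token_response_json)
        if "error" in data:
            raise ValueError(f"token endpoint error: {data['error']}")
        if data.get("token_type", "").lower() != "bearer":
            raise ValueError("unsupported token_type")
        issued = time.time() if now is None else now
        self.access_token = data["access_token"]
        # A response without expires_in is treated as already expired (conservative choice).
        self.expires_at = issued + int(data.get("expires_in", 0))

    def is_expired(self, now=None, skew=30):
        current = time.time() if now is None else now
        return current >= self.expires_at - skew

    def authorization_header(self, now=None):
        if self.is_expired(now):
            raise RuntimeError("access token expired; the user must sign in again")
        return {"Authorization": f"Bearer {self.access_token}"}


# Constructed sample token response (not from the original page).
SAMPLE_RESPONSE = '{"access_token": "constructed-token-123", "token_type": "bearer", "expires_in": 300}'
```

The request body carries the user's password, so it must only be sent to the token endpoint over TLS, and the password variable should go out of scope once the token is obtained.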
Getting ready
To run this recipe you need the server application...