Recommended use

The resource owner password credentials grant type is suitable in cases where the resource owner has a trust relationship with the client (e.g., a service’s own mobile client) and in situations where the client can obtain the resource owner’s credentials.

...

Instead of redirecting the user to the authorization server, the client itself will ask the user for the resource owner's username and password. The client will then send these credentials to the authorization server along with the client’s own credentials.

The diagram below illustrates the resource owner password credentials grant flow.

Support for refresh token grant - Yes

The cURL commands below can be used to try this grant type.

curl -v -X POST -H "Authorization: Basic <base64 encoded client id:client secret value>" -k -d "grant_type=password&username=<username>&password=<password>" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

Or

curl -u <client id>:<client secret> -k -d "grant_type=password&username=<username>&password=<password>" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token

You will receive a response similar to the format below.

{"token_type":"Bearer","expires_in":2510,"refresh_token":"5ba3dedc77581df5f84f9b228eef0b91","access_token":"ca19a540f544777860e44e75f605d927"}
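
The request and response above, as an added Python example that is not part of the original documentation: it builds the same POST without sending it, percent-encoding the username and password so that characters such as `&` or `=` cannot split the form body, and then parses the sample response. The function names and the client and user values are constructed for illustration.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://localhost:9443/oauth2/token"  # endpoint from the cURL commands above


def build_password_grant_request(client_id, client_secret, username, password):
    """Build (without sending) the POST request for grant_type=password."""
    # Client credentials travel in the HTTP Basic header: base64("id:secret").
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    # urlencode() percent-encodes '&', '=', '+' and spaces, so a password such as
    # "p&ss=w+rd" stays one form field instead of being split into several.
    body = urllib.parse.urlencode(
        {"grant_type": "password", "username": username, "password": password}
    ).encode()
    return urllib.request.Request(
        TOKEN_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def parse_token_response(raw, now=None):
    """Validate a token response and compute the absolute expiry time."""
    doc = json.loads(raw)
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    return {
        "access_token": doc["access_token"],
        "refresh_token": doc.get("refresh_token"),  # present when refresh is supported
        "expires_at": now + int(doc["expires_in"]),
    }


# Constructed client and user values; the response body is the one shown on this page.
SAMPLE_RESPONSE = '{"token_type":"Bearer","expires_in":2510,"refresh_token":"5ba3dedc77581df5f84f9b228eef0b91","access_token":"ca19a540f544777860e44e75f605d927"}'

if __name__ == "__main__":
    req = build_password_grant_request("my-client", "my-secret", "alice", "p&ss=w+rd")
    print(req.data.decode())
    print(parse_token_response(SAMPLE_RESPONSE, now=0)["expires_at"])
```

With cURL, passing each field with `--data-urlencode` instead of a single `-d` string gives the same encoding.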

...