Password Credential Flow

Endpoint for password credential flow.

The password flow is used when you want to access the target services from an application that requires a username and password. When any application such as a web or mobile application is launched, and prompts for a username and password, the user credentials are verified by an identity service provider and exchanged for an access token.

The OAuth server validates the credentials before issuing the access token. After the access token is issued, the access token is the key to access the target services.

See Password Credential for details.

The password credential flow requires the following information to send an access token request:

  • Client ID
  • Client Secret
  • Username
  • Password
  • grant_type

Use the following endpoint to request an access token:

Token Request Endpoint for Password Flow
Method URL
POST http://ASGServerHost:httpPort/asg/oauth2/access_token?grant_type=password&client_id=CLIENT_ID_VALUE&client_secret=CLIENT_SECRET_VALUE&username=USERNAME&password=PASSWORD

For example,

http://demoserverapi.tibco.com:9322/asg/oauth2/access_token?grant_type=client&client_id=237-924f4a26-f1a5-4934-a17a-69c22bd52dbe&client_secret=809950e0-c21c-4f84-8dab-239dba1c3187&username=john123&password=asgoauth2014

where,

  • ASGServerHost is the machine running the Core Engine.
  • httpPort is the port value for HTTP transport.
  • CLIENT_ID_VALUE is the client ID of the registered application.
  • CLIENT_SECRET_VALUE is the client secret of the registered application.
  • USERNAME is the username required for application.
  • PASSWORD is the password required for application.