Password Credential

In the password credential flow, the owner of the data is the user who is using the application. The difference between the password credential flow and the authorization code flow is that the application has access to the user's credentials. This use case usually applies to applications designed for mobile devices, where the user's credentials are stored on the device.

For details of the password credential flow, refer to "Resource Owner Password Credentials Grant," Section 4.3 of RFC 6749, "The OAuth 2.0 Authorization Framework," available at the following location:

https://tools.ietf.org/html/draft-ietf-oauth-v2-31

The following is an example scenario of this flow:

  • A user uses an application on a mobile device that accesses the photos uploaded to an OAuth server.
  • The user uses the application to view the uploaded photos.
  • The application requests an access token using the password flow before retrieving the photo.
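The token request in the last step, as an added example (not code from this documentation or from the OAuth server's own API): it builds the request defined in Section 4.3.2 of RFC 6749 and validates the token response. The endpoint URL, client ID and secret, user name, password and scope are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode, urlsplit

def build_token_request(token_url, client_id, client_secret, username, password, scope=None):
    """Return (method, url, headers, body) for an RFC 6749 section 4.3.2 token request."""
    if urlsplit(token_url).scheme != "https":
        # The body carries the user's password, so refuse a cleartext endpoint.
        raise ValueError("token endpoint must use https")
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope
    # Client authentication with HTTP Basic (RFC 6749 section 2.3.1): the id and
    # secret are form-urlencoded before being joined and base64-encoded.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return "POST", token_url, headers, urlencode(form)

def parse_token_response(status, body):
    """Return the token fields on success; raise on an error or malformed response."""
    data = json.loads(body)
    if status != 200 or "error" in data:
        # Error responses carry an "error" code such as invalid_grant (section 5.2).
        raise PermissionError(data.get("error", "invalid_response"))
    if "access_token" not in data or str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("missing access_token or unsupported token_type")
    wanted = ("access_token", "token_type", "expires_in", "refresh_token", "scope")
    return {k: data[k] for k in wanted if k in data}

if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    method, url, headers, body = build_token_request(
        "https://oauth.example.com/token", "photo-app", "constructed-secret",
        "alice", "p@ss word&1", scope="photos.read")
    print(method, url)
    print(body)
    # Constructed success response, as the server would return it.
    print(parse_token_response(
        200, '{"access_token": "constructed-token", "token_type": "Bearer", "expires_in": 3600}'))
```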

Refer to the following APIs: