Tech and Media Labs
This site uses cookies to improve the user experience.




OAuth 2.0 Resource Owner Password Credentials Grant - Requests and Response

Jakob Jenkov
Last update: 2014-06-15

The resource owner password credentials authorization contains a single request + response.

Resource Owner Password Credentials Grant Request

The request contains the following parameters:

grant_type Required. Must be set to password
username Required. The username of the resource owner, UTF-8 encoded.
password Required. The password of the resource owner, UTF-8 encoded.
scope Optional. The scope of the authorization.

Resource Owner Password Credentials Grant Response

The response is a JSON structure containing the access token. The JSON structure looks like this:

{ "access_token"  : "...",
  "token_type"    : "...",
  "expires_in"    : "...",
  "refresh_token" : "...",
}

The access_token property is the access token as assigned by the authorization server.

The token_type property is a type of token assigned by the authorization server.

The expires_in property is a number of seconds after which the access token expires, and is no longer valid. Expiration of access tokens is optional.

The refresh_token property contains a refresh token in case the access token can expire. The refresh token is used to obtain a new access token once the one returned in this response is no longer valid.

Jakob Jenkov




Copyright  Jenkov Aps
Close TOC