OAuth 2.0 Resource Owner Password Credentials Grant - Requests and Response

Jakob Jenkov
Last update: 2014-06-15

The resource owner password credentials authorization contains a single request + response.

Resource Owner Password Credentials Grant Request

The request contains the following parameters:

grant_type Required. Must be set to password
username Required. The username of the resource owner, UTF-8 encoded.
password Required. The password of the resource owner, UTF-8 encoded.
scope Optional. The scope of the authorization.

Resource Owner Password Credentials Grant Response

The response is a JSON structure containing the access token. The JSON structure looks like this:

{ "access_token"  : "...",
  "token_type"    : "...",
  "expires_in"    : "...",
  "refresh_token" : "...",
}

The access_token property is the access token as assigned by the authorization server.

The token_type property is a type of token assigned by the authorization server.

The expires_in property is a number of seconds after which the access token expires, and is no longer valid. Expiration of access tokens is optional.

The refresh_token property contains a refresh token in case the access token can expire. The refresh token is used to obtain a new access token once the one returned in this response is no longer valid.

Jakob Jenkov

Featured Videos

Java ConcurrentMap + ConcurrentHashMap

Java Generics

Java ForkJoinPool

P2P Networks Introduction

















Close TOC
All Tutorial Trails
All Trails
Table of contents (TOC) for this tutorial trail
Trail TOC
Table of contents (TOC) for this tutorial
Page TOC
Previous tutorial in this tutorial trail
Previous
Next tutorial in this tutorial trail
Next