- Home>
- Resource Owner Password Credentials Grant
In this post, I’ll discuss the Resource Owner Password Credentials (ROPC) grant and when you should use it.
In a ROPC flow, the user gives the credentials directly to the client application, usually by mean of a login form over which the client application has complete control. In this flow, the client application does not redirect the user to an authorization server for authentication. However, the client application submits a request to the authorization server, passing over the user’s credentials to obtain an access token on behalf of the user. If the client is a confidential client or has been provided a secret key, the client also needs to authenticate against the authorization server using its client id and secret when requesting a token.