OAuth2.Strategy.Password (OAuth2 v2.1.0) View Source

The Resource Owner Password Credentials Authorization Strategy.

http://tools.ietf.org/html/rfc6749#section-1.3.3

The resource owner password credentials (i.e., username and password) can be used directly as an authorization grant to obtain an access token. The credentials should only be used when there is a high degree of trust between the resource owner and the client (e.g., the client is part of the device operating system or a highly privileged application), and when other authorization grant types are not available (such as an authorization code).

Even though this grant type requires direct client access to the resource owner credentials, the resource owner credentials are used for a single request and are exchanged for an access token. This grant type can eliminate the need for the client to store the resource owner credentials for future use, by exchanging the credentials with a long-lived access token or refresh token.

Link to this section Summary

Functions

Not used for this strategy.

Retrieve an access token given the specified End User username and password.

Link to this section Functions

Link to this function

authorize_url(client, params)

View Source

Not used for this strategy.

Link to this function

get_token(client, params, headers)

View Source

Retrieve an access token given the specified End User username and password.