---
title: Managing resource owner credentials grant mapping
description: Use the Resource Owner Credentials Grant Mapping to map values obtained from the password credential validator instance into the persistent grants. Persistent grants and any associated attributes and their values remain valid until the grants expire or until PingFederate explicitly revokes or cleans them up.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:help_oauthsource2targetmappingtasklet_oauthrocreds2targetmappingsstate
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_oauthsource2targetmappingtasklet_oauthrocreds2targetmappingsstate.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  about-this-task: About this task
  steps: Steps
  related-links: Related links
---

# Managing resource owner credentials grant mapping

Use the **Resource Owner Credentials Grant Mapping** to map values obtained from the password credential validator instance into the persistent grants. Persistent grants and any associated attributes and their values remain valid until the grants expire or until PingFederate explicitly revokes or cleans them up.

## About this task

The `USER_KEY` attribute is the identifier of the persistent grants.

If extended attributes are defined in **System > OAuth Settings > Authorization Server Settings**, configure a mapping for each attribute.

You can optionally set up datastore queries to supplement values returned from the source. This mapping is intended for the Resource Owner Password Credential grant type.

## Steps

1. Go to **Authentication > OAuth > Resource Owner Credentials Grant Mapping** and perform one of the following actions.

   | Action                                                   | Steps                                                                                                                                                                                                                                                                      |
   | -------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | Create a mapping                                         | Select the source of the attributes from the list and click **Add Mapping**.                                                                                                                                                                                               |
   | Modify an existing mapping                               | Select your mapping under **Mappings**.                                                                                                                                                                                                                                    |
   | Remove an existing mapping or cancel the removal request | Click **Delete** or **Undelete** under **Action**.+&#xA;&#xA;Before removing a mapping from your configuration, ensure that it is not used by your OAuth use cases. Any corresponding entries defined in Applications > OAuth > Access Token Mapping will also be removed. |

## Related links

* [Mapping OAuth attributes](../introduction_to_pingfederate/pf_mapp_oauth_attri.html)