The ROPC grant type can be used in scenarios where an interactive user agent is not available, where specific design requirements warrant the use of a native application login interface, or for legacy reasons (i.e. retro-fitting a login form for OAuth2). In the ROPC grant type, the client captures the user credentials (step 1 below) and uses those credentials to swap for an access token (step 2).

Oauth ropc flow

Browser-based end user interaction No
Can use external IDP for authentication No
Requires client authentication No
Requires client to have knowledge of user credentials Yes
Refresh token allowed Yes
Access token is in context of end user Yes