Page created: 30 Sep 2020
|
Page updated: 30 Sep 2020
The ROPC grant type can be used in scenarios where an interactive user agent is not available, where specific design requirements warrant the use of a native application login interface, or for legacy reasons (i.e. retro-fitting a login form for OAuth2). In the ROPC grant type, the client captures the user credentials (step 1 below) and uses those credentials to swap for an access token (step 2).
| Capability | |
|---|---|
| Browser-based end user interaction | No |
| Can use external IDP for authentication | No |
| Requires client authentication | No |
| Requires client to have knowledge of user credentials | Yes |
| Refresh token allowed | Yes |
| Access token is in context of end user | Yes |