The ROPC grant type can be used in scenarios where an interactive user agent is not available, where specific design requirements warrant the use of a native application login interface, or for legacy reasons (i.e. retrofitting a login form for OAuth2). In the ROPC grant type, the client captures the user credentials (step 1 below) and exchanges them for an access token (step 2).

| Characteristic | ROPC grant |
|---|---|
| Browser-based end user interaction | No |
| Can use external IDP for authentication | No |
| Requires client authentication | No |
| Requires client to have knowledge of user credentials | Yes |
| Refresh token allowed | Yes |
| Access token is in context of end user | Yes |
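
The step 2 exchange, written out as an added example (not code from the original page): it builds the RFC 6749 section 4.3.2 token request for a public client and parses the success and error responses. The endpoint URL, client id, user name, password and token values are constructed placeholders, and the function names are hypothetical.

```python
import json
from urllib.parse import urlencode, urlsplit
from urllib.request import Request


class TokenError(Exception):
    """Raised when the token endpoint returns an OAuth2 error response."""


def build_ropc_request(token_url, client_id, username, password, scope=None):
    """Step 2: build the token request (constructed here, not sent)."""
    if urlsplit(token_url).scheme != "https":
        # The user's password travels in the body, so refuse cleartext transport.
        raise ValueError("token endpoint must use https")
    form = {"grant_type": "password", "username": username,
            "password": password, "client_id": client_id}  # public client: no secret
    if scope:
        form["scope"] = scope
    return Request(token_url, data=urlencode(form).encode("ascii"), method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded",
                            "Accept": "application/json"})


def parse_token_response(status, body):
    """Return the token fields the client keeps, or raise TokenError."""
    doc = json.loads(body)
    if status != 200 or "error" in doc:
        # For example invalid_grant when the user name or password is wrong.
        raise TokenError(doc.get("error", "invalid_response"))
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise TokenError("invalid_response")
    # Keep tokens only; the password is not retained after the exchange.
    return {k: doc[k] for k in ("access_token", "refresh_token", "expires_in", "scope")
            if k in doc}


# Constructed sample responses (hypothetical token values).
SAMPLE_OK = '{"access_token":"at-123","token_type":"Bearer","expires_in":3600,"refresh_token":"rt-456"}'
SAMPLE_ERR = '{"error":"invalid_grant"}'

if __name__ == "__main__":
    req = build_ropc_request("https://idp.example.com/oauth2/token",
                             "native-app", "alice", "p@ss w0rd&1", scope="openid")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    print(parse_token_response(200, SAMPLE_OK))
```

Because the client handles the password directly, the client should discard it once the tokens are returned and use the refresh token for later renewals.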