Page created: 30 Sep 2020 | Page updated: 30 Sep 2020

The Resource Owner Password Credentials (ROPC) grant type can be used in scenarios where an interactive user agent is not available, where specific design requirements warrant the use of a native application login interface, or for legacy reasons (i.e. retrofitting a login form for OAuth2). In the ROPC grant type, the client captures the user's credentials (step 1 below) and exchanges those credentials for an access token (step 2).

Capability | Value |
---|---|
Browser-based end user interaction | No |
Can use external IDP for authentication | No |
Requires client authentication | No |
Requires client to have knowledge of user credentials | Yes |
Refresh token allowed | Yes |
Access token is in context of end user | Yes |
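
The token exchange in step 2 and the refresh that follows it, as an added example (not code from the original page): it builds the RFC 6749 `grant_type=password` request for a public client, parses the token response, and shows that renewal needs only the refresh token, so the client can discard the password after the first exchange. The endpoint URL, client ID, and sample responses are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

# Assumed values for illustration; not taken from the page.
TOKEN_ENDPOINT = "https://idp.example.com/oauth2/token"
CLIENT_ID = "native-app"  # public client: no client secret is sent

# Constructed sample token endpoint responses.
SAMPLE_OK = ('{"access_token": "constructed-at", "token_type": "Bearer", '
             '"expires_in": 3600, "refresh_token": "constructed-rt"}')
SAMPLE_DENIED = '{"error": "invalid_grant"}'


def token_request(params):
    """Build a POST with a form body; credentials never go in the URL,
    where they would end up in proxy and access logs."""
    body = urlencode(params).encode("ascii")  # urlencode percent-encodes UTF-8
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json"}
    return Request(TOKEN_ENDPOINT, data=body, headers=headers, method="POST")


def ropc_request(username, password, scope="openid"):
    """Step 2: exchange the captured credentials for tokens (RFC 6749, 4.3.2)."""
    return token_request({"grant_type": "password", "client_id": CLIENT_ID,
                          "username": username, "password": password,
                          "scope": scope})


def refresh_request(refresh_token):
    """Renew the access token without the user's password (RFC 6749, 6)."""
    return token_request({"grant_type": "refresh_token", "client_id": CLIENT_ID,
                          "refresh_token": refresh_token})


def parse_token_response(status, body):
    """Return the token set, or raise with the OAuth2 error code."""
    payload = json.loads(body)
    if status != 200 or "error" in payload:
        raise PermissionError(payload.get("error", "unexpected_response"))
    if "access_token" not in payload:
        raise ValueError("token response has no access_token")
    return payload


if __name__ == "__main__":
    tokens = parse_token_response(200, SAMPLE_OK)
    print(sorted(tokens))
    print(refresh_request(tokens["refresh_token"]).data.decode())
```
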