OAuth2.0 - Resource Owner Password Credentials Grant Workflow




Greetings from in28minutes.com.

In this read, we will take a look at OAuth2.0 and understand the resource owner password credentials grant in the simplest manner (i.e. via a workflow).

What is OAuth2.0

It is an open authorization protocol that allows client applications (like Facebook, GitHub, etc.) to access the resource owner's resources on HTTP services. It was created as a response to the direct authentication pattern, which was made famous by HTTP Basic authentication, wherein the user is required to enter the username and password. It allows resources stored on one site to be shared with another site by using a credentials token. It is used -

  • To read the user data from another application
  • To supply the authorization workflow for web and desktop applications along with mobile devices
  • It uses the authorization code and does not interact with the user credentials

OAuth2.0 Roles

  1. Resource Owner - It is the person who authorizes an application to access their account. The application’s access to the user’s account is limited to the “scope” of the authorization granted (e.g. read or write access)
  2. Authorization Server - It hosts the protected user accounts, verifies the user identity and then issues the access token to the application
  3. Client - It is the application that wants to access the user’s account

OAuth2.0 Advantages

  • It is a flexible protocol that relies on SSL to keep the user access token safe
  • It relies on SSL, a cryptographic protocol, to ensure data integrity
  • Allows limited access to the user’s data
  • Allows the user’s data to be shared without releasing the user’s personal information
  • It is easier to implement and provides stronger authentication

OAuth2.0 Disadvantages

  • Adding more extensions to the application will require a separate piece of code for each extension

Resource Owner Password Credentials Grant

  • In this grant, the user provides their username and password directly on the application’s login page, and the application in turn uses these credentials to obtain an access token from the authorization server. This grant is only enabled on the authorization server if the other flows are not viable. The important point to remember is that this grant is only used if the application is trusted by the user. A sample HTTP POST request for this grant type will look like this -


Let us understand this via a workflow diagram.
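
The token request for this grant and the authorization server's handling of it, following RFC 6749 section 4.3.2. This is an added example, not code from the original page; the client, user, URL and function names are constructed for illustration.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample registrations; a real server stores password hashes.
CLIENTS = {"demo-client": "demo-secret"}
USERS = {"alice": "p@ss w&rd=1"}

def _same(a, b):
    # Constant-time comparison of two strings.
    return secrets.compare_digest(a.encode(), b.encode())

def build_token_request(token_url, client_id, client_secret, username, password, scope=None):
    """Client: raw HTTP POST for grant_type=password (RFC 6749, section 4.3.2)."""
    url = urlsplit(token_url)
    if url.scheme != "https":
        raise ValueError("token endpoint must be https: the body carries the password")
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope
    body = urlencode(form)  # percent-encodes characters such as '@', '&' and '='
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return (f"POST {url.path} HTTP/1.1\r\n"
            f"Host: {url.netloc}\r\n"
            f"Authorization: Basic {basic}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")

def handle_token_request(raw_request):
    """Authorization server: authenticate the client, then the user, then issue a token."""
    head, _, body = raw_request.partition("\r\n\r\n")
    headers = dict(line.split(": ", 1) for line in head.split("\r\n")[1:])
    form = {k: v[0] for k, v in parse_qs(body).items()}
    scheme, _, cred = headers.get("Authorization", "").partition(" ")
    try:
        client_id, _, client_secret = base64.b64decode(cred).decode().partition(":")
    except ValueError:
        client_id = client_secret = ""
    known = CLIENTS.get(client_id)
    if scheme != "Basic" or known is None or not _same(known, client_secret):
        return 401, {"error": "invalid_client"}
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    expected = USERS.get(form.get("username", ""))
    if expected is None or not _same(expected, form.get("password", "")):
        return 400, {"error": "invalid_grant"}
    return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                 "expires_in": 3600, "scope": form.get("scope", "")}
```

The application sees the user's password in this flow, which is why the grant is reserved for applications the user trusts.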
