OAuth 2.0 Password Grant


The Password grant type is a way to exchange a user's credentials for an access token.

Since this involves the client handling the user's password, it must not be used by third party clients. In this flow, the user's username and password are exchanged directly for an access token.

This flow provides no mechanism for things like multifactor authentication or delegated accounts, so is quite limiting in practice and is of limited use.

More resources