...
With the resource owner password credentials grant type, the user provides their service credentials (username and password) directly to the application, which uses the credentials to obtain an access token from the service. This grant type should only be enabled on the authorization server if other flows are not viable. Also, it should only be used if the application is trusted by the user (e.g. it is owned by the service, or the user's desktop OS.
Password Grant Flow
Step 1: Token Link
Send a POST request to to <OAUTH2_SERVER_URL >/token?params…
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
var client = new RestClient(Config.OAUTH2_SERVER_URL);
var request = new RestRequest("token", Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddQueryParameter("grant_type", "password");
request.AddQueryParameter("username", Config.USER);
request.AddQueryParameter("password", Config.PASSWORD);
request.AddQueryParameter("client_id", Config.CLIENT_ID);
request.AddQueryParameter("client_secret", Config.CLIENT_SECRET);
Example Json Response:
{"access_token": "a49765jhfhgs.....", "refresh_token": "8768ehg3uyu34r....", "expires_in":1516714140406}
|
Step 2: Request Data from GAPI
Send a GET / POST request to to <RESOURCE_SERVER_URL>/gapi/v1/path….
...