Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.2

In a password grant use case two OAuth clients are registered with SSO. The first client may be a "native application" presenting user interfaces to the end-user. The first client may also for example be a simple command-line client or other backend application in a server-to-server integration scenario. The second client is usually a web service or resource server providing API services to the first client. 

The first client wants to get an access token for calling the resource server API services. The resource server validates the access token it receives by calling the tokeninfo service. The tokeninfo service returns claims and attributes describing the authenticated user.

Contents

Table of Contents
excludeContents


Gliffy
nameP_Password grant sequence diagram

Sequence diagram of password grant



Anchor
_Toc452021340
_Toc452021340
Access Token Request

https://tools.ietf.org/html/rfc6749#section-4.3.2

Anchor
_Toc452021341
_Toc452021341
POST /uas/oauth2/token

Required parameters

  • grant_type = password

Allowed by default

  • scope = openid <resource id …>

The value "openid" and one or more OAuth Client Identifiers of resource servers. See Registeration Response

  • client_id & client_secret

OAuth Client Identifier and Secret of the native application

  • username & password

The username and password of the end-user



Code Block
languagexmlthemeRDark
titleSample token request
POST https://sso.example.com/uas/oauth2/token Authorization: Basic MTc2MjQxNDM3NDoqKio= Content-Type: application/x-www-form-urlencoded
grant_type=password&scope=1762414374&username=user1&password=***


Anchor
_Toc452021342
_Toc452021342
Access Token Response

Instructions on page Authorization code grant and web single sign-on

Anchor
_Toc452021343
_Toc452021343
Resource Server Request

Instructions on page Authorization code grant and web single sign-on

Anchor
_Toc452021344
_Toc452021344
TokenInfo Request

Instructions on page Authorization code grant and web single sign-on

Anchor
_Toc452021345
_Toc452021345
TokenInfo Response

Instructions on page Authorization code grant and web single sign-on