Resource Owner Password Credentials
To make calls, the following configuration should be used:
• Use the POST verb.
• Add parameters using the "application/x-www-form-urlencoded" format.
• Access credentials ("client_id" and "client_secret") must be sent in "Basic xxxxxx" format, where xxxxxx represents the Base64-encoded values.
• Specify the "grant_type" parameter with the value "password".
• Specify the "username" parameter with the value of the resource owner's username.
• Specify the "password" parameter with the value of the resource owner's password.
Usage Example in Postman
The following is an example of an access token request from Postman.
The client makes the following HTTP request:
POST /oauth/token HTTP/1.1
Host: localhost:8080
Authorization: Basic REVZRUxCT1Q6Qk9UREVZRUwzMTIh
Content-Type: application/x-www-form-urlencoded
Content-Length: 54

grant_type=password&username=afarias&password=deyel123
If the access token request is valid and authorized, the authorization server issues an access token and a refresh token. If the client request fails authentication or is invalid, the authorization server returns an error response, for example when a non-existent user is submitted.
Successful access token response:
{
  "access_token": "eyJraWQiOiJrMSIsImFsZyI6IlJTMjU2I….ezCK4IWR7YU1NlMAuCFKE7mJw",
  "refresh_token": "eyJraWQiOiJrMSIsImFsZyI6IlJTMjU….cL_mqernCGkQ",
  "token_type": "Bearer",
  "expires_in": 86400
}
Failed response:
{
  "error_description": "Invalid client_id",
  "error": "Invalid_request"
}
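The request and the two responses above, as an added Python example that is not code from the original page: it assembles the same HTTP request from its parts, form-encodes the user's values so they cannot alter the parameter list, and classifies the JSON reply. The function names and the client credentials `demo-client` / `demo-secret` are constructed for illustration.

```python
import base64
import json
from urllib.parse import urlencode

def basic_auth_header(client_id, client_secret):
    """'Basic ' + Base64("client_id:client_secret"). Encoding, not encryption."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def build_token_request(host, client_id, client_secret, username, password):
    """Return the raw HTTP/1.1 bytes of a password-grant token request."""
    # urlencode() percent-encodes '&', '=' and spaces, so a password such as
    # "a&grant_type=x" cannot add or override form parameters.
    body = urlencode({"grant_type": "password",
                      "username": username,
                      "password": password}).encode("ascii")
    head = (f"POST /oauth/token HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            f"Authorization: {basic_auth_header(client_id, client_secret)}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body

def parse_token_response(text):
    """Classify the token endpoint's JSON body as an error or a token set."""
    data = json.loads(text)
    if "error" in data:
        return {"ok": False, "error": data["error"],
                "description": data.get("error_description", "")}
    missing = [k for k in ("access_token", "token_type", "expires_in")
               if k not in data]
    if missing:
        raise ValueError(f"token response is missing {missing}")
    if data["token_type"].lower() != "bearer":
        raise ValueError(f"unexpected token_type {data['token_type']!r}")
    return {"ok": True, "access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "expires_in": int(data["expires_in"])}

if __name__ == "__main__":
    # Constructed client credentials; user values are the page's sample ones.
    req = build_token_request("localhost:8080", "demo-client", "demo-secret",
                              "afarias", "deyel123")
    print(req.decode("ascii"))
    print(parse_token_response(
        '{"error_description": "Invalid client_id", "error": "Invalid_request"}'))
```

Because the Basic value is only Base64 and the body carries the user's password in clear form encoding, the request is readable by anyone who can see it on the wire unless it is sent over TLS.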