OAuth password grant flow | OAuth resource owner password grant
00:00 What is the OAuth Password flow?
01:25 Security issues with OAuth password grant
02:38 OAuth password grant vs client credentials grant
04:42 Conclusion
The OAuth Password Grant expects the client application to ask for a user's username and password and then exchange them for an access token.
The OAuth working group no longer recommends this flow and recommends always using the Authorization Code grant with PKCE instead.
The reason is that the user's credentials now have one more place where they could leak, and in general people tend to trust the authorization server more than some third-party application which they cannot control.