Resource Owner Password Credentials Grant
This endpoint exchanges the resource owner's credentials for an access token and it is highly advised to be used from secure environments such as your application's backend.
Request Body
Your client id.
Make sure your client has password
grant type enabled in Dashboard > Clients > Details > Grant Types
For Resource Owner Credentials Grant this must be set to password
Value: password
End-User's identifier.
NOTE: This field may be misleading as we didn't want to override protocol specification. Even though this field is named as username it may not be End-User's username if identifier
is set to different field from username, such as email
, phone_number
, etc.
Audience of to be generated access token.
Make sure your client is granted access to use this audience from Dashboard > Resources > [Your Resource] > Clients
If provided user credentials will be checked from the provided connection.
NOTE: this will override default connection set in dashboard.
Field name to look up user.
Make sure to set username
field according to this value.
For ex: If identifier=email
set username
to End-User's email address.
Default Value: "email"