-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Using Resource Owner Password Credentials flow
felipeelias edited this page Apr 30, 2012
·
23 revisions
In this flow, a token is requested in exchange for the resource owner credentials (username and password):
To use this flow you first have to tell doorkeeper how to authenticate the resource owner with username/password:
# doorkeeper.rb
resource_owner_from_credentials do |routes|
User.authenticate!(params[:username], params[:password])
end
This is basically everything you need to do.
For testing you can use the oauth2
ruby gem:
client = OAuth2::Client.new('the_client_id', 'the_client_secret', :site => "http://example.com")
access_token = client.password.get_token('user@example.com', 'sekret')
That will make a POST request to the OAuth providers "/oauth/token" endpoint, with the params:
"grant_type" => "password"
"username" => "user@example.com"
"password" => "sekret"
"client_id" => "the_client_id"
"client_secret" => "the_client_secret"
Then, you'll receive the access token back in the response.
Links: