
Using Resource Owner Password Credentials flow

felipeelias edited this page Apr 30, 2012 · 23 revisions

In this flow, a token is requested in exchange for the resource owner credentials (username and password).

Configuration

To use this flow you first have to tell doorkeeper how to authenticate the resource owner with username/password:

  # doorkeeper.rb
  Doorkeeper.configure do
    # Return the resource owner for the submitted username/password.
    resource_owner_from_credentials do |routes|
      User.authenticate!(params[:username], params[:password])
    end
  end

This is basically everything you need to do.
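The token endpoint now accepts password guesses directly, so what `User.authenticate!` does on failure matters. The following is an added example, not code from doorkeeper or from this wiki: a hypothetical `User` model with an in-memory store, an assumed PBKDF2 work factor, and an `authenticate!` that returns the user or `nil`, doing the same work for an unknown username as for a wrong password.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for the application's User model; not doorkeeper code.
class User
  ITERATIONS = 100_000                      # assumed PBKDF2 work factor
  Record = Struct.new(:email, :salt, :digest)
  STORE  = {}                               # constructed in-memory "users table"

  # Derive a 32-byte digest from the password and the per-user salt.
  def self.derive(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password.to_s, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: 'sha256')
  end

  def self.register(email, password)
    salt = SecureRandom.random_bytes(16)
    STORE[email] = Record.new(email, salt, derive(password, salt))
  end

  # Random record checked when the username is unknown, so that a miss costs
  # the same key derivation and comparison as a wrong password.
  DUMMY = Record.new(nil, SecureRandom.random_bytes(16), SecureRandom.random_bytes(32))

  # Called from the resource_owner_from_credentials block shown above.
  # Returns the matching record, or nil for any failure.
  def self.authenticate!(email, password)
    record    = STORE[email.to_s]
    candidate = record || DUMMY
    match = OpenSSL.fixed_length_secure_compare(derive(password, candidate.salt),
                                                candidate.digest)
    record if match
  end
end
```
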

Testing

For testing you can use the oauth2 ruby gem:

  client = OAuth2::Client.new('the_client_id', 'the_client_secret', :site => "http://example.com")
  access_token = client.password.get_token('user@example.com', 'sekret')

That will make a POST request to the OAuth provider's "/oauth/token" endpoint, with the params:

  "grant_type"    => "password"
  "username"      => "user@example.com"
  "password"      => "sekret"
  "client_id"     => "the_client_id"
  "client_secret" => "the_client_secret"

Then, you'll receive the access token back in the response.
