Switch branches/tags
Nothing to show
Find file History
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin password grant example Mar 8, 2018
public/stylesheets password grant example Mar 8, 2018
routes new and updated code samples Jul 19, 2018
views password grant example Mar 8, 2018
.env.sample new and updated code samples Jul 19, 2018
README.md new and updated code samples Jul 19, 2018
app.js password grant example Mar 8, 2018
package-lock.json password grant example Mar 8, 2018
package.json password grant example Mar 8, 2018


OneLogin OpenId Connect Resource Owner Password Grant

This sample app demonstrates how to authenticate users using the Resource Owner Password Grant.

With this example a singe OAuth2.0 style request is made to authenticate the user.

  • This flow does not support MFA. If MFA is required for the user the authentication will fail with a message indicating the MFA requirement.
  • Under this flow a single sign-on session is not created for the user so they will not be able to SSO into other apps.

API Reference

This sample makes use of the following apis:

Create session via User/Password

This is where the user authentication takes place. On success you will get an access_token which can be used to fetch info about the user.

let options = {
  method: 'POST',
  uri: `https://openid-connect.onelogin.com/oidc/token`,
  form: {
    client_id: process.env.OIDC_CLIENT_ID,
    client_secret: process.env.OIDC_CLIENT_SECRET,
    grant_type: 'password',
    username: req.body.username,
    password: req.body.password,
    scope: 'openid profile email',
    response_type: 'id_token'

request(options, function(error, response, body){


    let token = JSON.parse(body)

    req.session.accessToken = token.access_token;


Get user info

With a valid access_token you can get profile information for the user. The information return is based on the scope that was granted in the authentication step.

let options = {
  method: 'GET',
  auth: {
    bearer: req.session.accessToken
  uri: `https://openid-connect.onelogin.com/oidc/me`

request(options, function(error, response, body){

  let user = JSON.parse(body);

  res.render('profile', {
    user: user


In order to run this sample you need to setup an OpenId Connect app in your OneLogin Admin portal.

If you don't have a OneLogin developer account you can sign up here.

Clone this repo and then update /javascripts/main.js with the client_id you obtained from OneLogin and the subdomain of your OneLogin account.


This sample is based on a default expressjs app.

From the command line run

> npm install
> npm start

Browse to http://localhost:3000