Does OpenID Connect support the Resource Owner Password Credentials grant?


I have been using OAuth resource owner credential flow previously for authorization.

However, I would now like to consider using OpenID Connect in place of this, for authentication and authorization, and was wondering if the resource owner credential flow is supported in OpenID Connect.

asked Jun 04 '14 20:06 by Kramer00



1 Answer

Yes, OpenID Connect supports all OAuth 2.0 grant types including Resource Owner Password Credentials Grant and Client Credentials Grant.

As we know, the Authorization Code Grant and Implicit Grant are typical 3-legged flows, involving interaction between a client, an authorization server and a user. The Resource Owner Password Credentials Grant and Client Credentials Grant, on the other hand, are 2-legged, which means the client uses pre-authorized scopes so that no interaction with the user is necessary, removing the need to perform one of the legs in the typical flow.

Here is a reference: Configuring an OpenID Connect Provider to enable 2-legged OAuth requests

answered Sep 25 '22 01:09 by Owen Cao
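The 2-legged exchange the answer describes, as an added example that is not part of the original question or answer: the client POSTs a Resource Owner Password Credentials token request (RFC 6749 section 4.3) with `scope=openid`, and the only thing OpenID Connect adds on top of the OAuth token response is an `id_token` that the client must validate. The provider here is a constructed stand-in that mints an HS256-signed id_token using the client secret as the key (an option OIDC Core allows for confidential clients); the issuer URL, client id, secret, user name and password are assumed values chosen for the example, not anything from the page. It runs offline with the standard library only.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode

# Assumed values for this example; not from the page.
ISSUER = "https://op.example.com"
CLIENT_ID = "demo-client"
CLIENT_SECRET = "demo-client-secret-change-me"


def b64url(data: bytes) -> str:
    """Base64url without padding, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_ropc_request(username: str, password: str) -> str:
    """Form body of an RFC 6749 section 4.3.2 token request. scope=openid is
    what turns this plain OAuth password grant into an OpenID Connect request."""
    return urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": "openid profile",
    })


def mint_id_token(sub: str, now: int, key: str = CLIENT_SECRET) -> str:
    """Constructed stand-in for the provider: HS256-signed id_token."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": sub, "aud": CLIENT_ID, "iat": now, "exp": now + 300}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def fake_token_endpoint(form_body: str, now: int) -> dict:
    """Stand-in token endpoint: accepts the ROPC request and returns an OAuth
    token response, adding id_token only when the scope contains openid."""
    form = parse_qs(form_body)
    if form.get("grant_type") != ["password"]:
        return {"error": "unsupported_grant_type"}
    # Constructed credential check; a real OP verifies against its user store.
    if form.get("username") != ["alice"] or form.get("password") != ["correct horse"]:
        return {"error": "invalid_grant"}
    resp = {"access_token": "opaque-access-token", "token_type": "Bearer", "expires_in": 300}
    if "openid" in form.get("scope", [""])[0].split():
        resp["id_token"] = mint_id_token("alice", now)
    return resp


def validate_id_token(token: str, now: int, key: str = CLIENT_SECRET) -> dict:
    """Client-side checks from OIDC Core section 3.1.3.7 that apply to an HS256
    token: alg, signature, iss, aud, exp. Raises ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token choose the algorithm
    expected = hmac.new(key.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


def login(username: str, password: str, now=None) -> dict:
    """The whole 2-legged exchange as the client sees it: one POST to the
    token endpoint, then validation of the returned id_token."""
    now = int(time.time()) if now is None else now
    resp = fake_token_endpoint(build_ropc_request(username, password), now)
    if "error" in resp:
        raise ValueError(resp["error"])
    return validate_id_token(resp["id_token"], now)


if __name__ == "__main__":
    print(login("alice", "correct horse"))
```

Note that in this flow the client itself handles the user's password, which is why nothing here involves a browser redirect or a consent step: the user is never in the loop, which is exactly what makes it 2-legged.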