OAuth w/ grant type=password (Resource owner credentials flow)

Posted 1 year ago by itstrueimryan

I am trying to use OAuth 2 to authorize users from a mobile app to a trusted authentication/resource API. They will enter their username and password in the app and the resource will return an access token which can be used in subsequent requests.

According to https://alexbilbie.com/guide-to-oauth-2-grants/#resource-owner-credentials-grant-section-43, I need to use grant type 'password', and with this flow, I need to also send client_id and client_secret. I'm just a bit confused on where those two values are supposed to be generated from in this flow?

I’ve also seen other sites say that with this flow you DON’T actually need client_id and client_secret, and another site mentioned you only need client_id. A bit confused on what is the correct implementation here.

