By: Jason Yy user 02 May 2017 at 6:09 p.m. CDT

6 Responses
Hello, if I wanted to utilize "Resource Owner Password Credentials Grant" (as defined by the OAuth 2.0 specification in https://tools.ietf.org/html/rfc6749#section-4.3), will Gluu CE provide this functionality or do I need to install something like oxd? Thanks!

By Aliaksandr Samuseu staff 02 May 2017 at 6:57 p.m. CDT

Hi, Jason. You can check [this page](https://gluu.org/docs/ce/2.4.4/admin-guide/oauth2/#resource-owner-password-credentials-grant) which describes how to use it. Note it's related to Gluu CE's previous major version, and I can't see a similar page in the 3.0 docs, so I can't say whether it's still supported. You could give it a try and provide your feedback here.

By Jason Yy user 03 May 2017 at 11:09 a.m. CDT

Well Gluu support forum accounts use version 2.4.4, but if you visit https://idp.gluu.org/.well-known/openid-configuration and look under "grant_types_supported" this implies that "Resource Owner Password Credentials Grant" is not supported because it is missing. Can you confirm whether this is true (or if there are plans to add this in the future)? We are looking to utilize the different grant types supported by OAuth 2.0, but right now I'm a bit confused on whether Gluu really supports this.

By Michael Schwartz Account Admin 03 May 2017 at 11:30 a.m. CDT

Resource owner password credential grant is an OAuth2 flow, and not OpenID Connect. (Hence why it's not in the OpenID Connect discovery doc). We do support it, but 9/10 times it's a very bad idea. If you're thinking you might buy a support contract at some time, and you want to discuss, I think there are some meetings open on Friday: http://gluu.org/booking

By Jason Yy user 03 May 2017 at 12:16 p.m. CDT

Right okay, that makes sense. And we do acknowledge the security implications of using such a flow. I took another look at the grantTypesSupported in oxauth-config.xml in the Gluu 3 interface. There are no mentions at all of Client Credentials Grant. Can you tell us where in Gluu we can check to see that it is enabled?

By Aliaksandr Samuseu staff 16 May 2017 at 3:50 p.m. CDT

Hi, Jason. I've tried the resource owner credentials flow described in [this CE 2.4.4 doc article](https://gluu.org/docs/ce/2.4.4/admin-guide/oauth2/#resource-owner-password-credentials-grant) both in 2.4.4 and 3.1 (beta) packages, and though they both don't list the respective type of grant at the `/.well-known/openid-configuration` page, it still worked for me out of the box. I believe it should also work in your 3.0.1 instance. Have you tried it yourself? Was it successful?
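
Added example (not part of the thread and not Gluu's own code): because the discovery document may not list the password grant even when the token endpoint accepts it, an audit of your own server has to compare what is advertised with what the token endpoint actually answers. The client id, secret, user and responses below are constructed placeholders; the request shape follows RFC 6749 section 4.3.2 and the error codes follow section 5.2.

```python
import base64
from urllib.parse import quote_plus, urlencode

# OpenID Connect Discovery default when "grant_types_supported" is omitted.
OIDC_DEFAULT_GRANTS = ["authorization_code", "implicit"]

def advertised_grants(discovery):
    """Grant types the discovery document claims to support."""
    return discovery.get("grant_types_supported", OIDC_DEFAULT_GRANTS)

def build_password_grant_request(client_id, client_secret, username, password, scope=None):
    """Headers and form body for an RFC 6749 section 4.3.2 token request."""
    params = {"grant_type": "password", "username": username, "password": password}
    if scope:
        params["scope"] = scope
    # Section 2.3.1: form-encode id and secret before building the Basic credential.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode(params)

def classify_token_response(status, body):
    """Map the token endpoint's answer to a finding (RFC 6749 section 5.2 errors)."""
    if status == 200 and "access_token" in body:
        return "enabled"
    error = body.get("error")
    if error == "unsupported_grant_type":
        return "disabled-on-server"
    if error == "unauthorized_client":
        return "disabled-for-client"
    if error == "invalid_grant":
        return "enabled-bad-credentials"  # grant was processed, credentials rejected
    return "inconclusive"

def audit(discovery, status, body):
    """Compare the advertised grants with the observed token endpoint behaviour."""
    return {"advertised": "password" in advertised_grants(discovery),
            "observed": classify_token_response(status, body)}

# Constructed sample: discovery omits "password", yet the token endpoint issued a token.
SAMPLE_DISCOVERY = {"grant_types_supported": ["authorization_code", "implicit"]}
SAMPLE_RESPONSE = (200, {"access_token": "constructed-token", "token_type": "bearer"})

if __name__ == "__main__":
    headers, form = build_password_grant_request("test-client", "test-secret", "alice", "pw 1")
    print(form)
    print(audit(SAMPLE_DISCOVERY, *SAMPLE_RESPONSE))
```

An `advertised: False` / `observed: enabled` result is the mismatch to look for when deciding whether the grant must be explicitly turned off for a client.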

By Jason Yy user 18 May 2017 at 12:48 p.m. CDT

We have decided for now we will not utilize this particular grant. We did try in the past and were unsuccessful in Gluu 3.0.1. But thanks for getting back to me!