OAuth Protocol Flow - Resource Owner Credentials

The password grant type allows the OAuth client to send the user’s credentials directly to the OAuth server. This grant provides a great user experience for trusted first-party clients, both on the web and in native device applications.

| Endpoint | Parameters | Response |
|----------|------------|----------|
| `/oauth2.0/accessToken` | `grant_type=password&client_id=ID&client_secret=<SECRET>&username=USERNAME&password=PASSWORD` | The access token. |

Because this grant type specifies no redirect_uri, the client_id is used instead as the service identifier that CAS recognizes and matches in the service registry. You may optionally also pass along a service or X-service header value that identifies the target application URL. The header value must match the OAuth service definition in the registry that is linked to the client ID.
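
The request described above, as an added example that is not part of the CAS documentation or code base: it builds the token request without sending it and extracts the token from the reply. Assumptions: the parameters are sent as a form-encoded POST body, the response is JSON or form-encoded with an `access_token` field, and the function names and host names are hypothetical.

```python
import json
from urllib.parse import urlencode, parse_qs
from urllib.request import Request

TOKEN_PATH = "/oauth2.0/accessToken"  # endpoint from the table above


def build_password_grant_request(cas_base, client_id, client_secret,
                                 username, password, service=None):
    """Build (but do not send) the password-grant token request."""
    if not cas_base.lower().startswith("https://"):
        # The user's password travels in this request; refuse cleartext HTTP.
        raise ValueError("CAS base URL must use https")
    form = urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,
        "username": username,
        "password": password,
    }).encode("ascii")
    # Assumption: parameters go in a form-encoded POST body, which keeps
    # credentials out of URLs and therefore out of access logs.
    req = Request(cas_base.rstrip("/") + TOKEN_PATH, data=form, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    if service is not None:
        # Optional header; must match the service definition linked to client_id.
        req.add_header("X-service", service)
    return req


def extract_access_token(body):
    """Read access_token from a JSON or form-encoded body (assumed formats)."""
    text = body.decode("utf-8") if isinstance(body, bytes) else body
    try:
        parsed = json.loads(text)
        token = parsed.get("access_token") if isinstance(parsed, dict) else None
    except ValueError:
        # Not JSON: fall back to key=value&key=value parsing.
        token = parse_qs(text).get("access_token", [None])[0]
    if not token:
        raise ValueError("no access_token in response")
    return token
```

Pass the returned request to `urllib.request.urlopen` to send it, then hand the response body to `extract_access_token`.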