February 2012
Beginner to intermediate
78 pages
2h 13m
English
The user experience for this flow is identical to typical password-based access requests. The application asks the user for their username and password and the user provides the information. The application then makes either a server-side or client-side request to the API provider’s authorization server, without any user-facing interface changes.
If the API provider does not issue a refresh_token and the issued access_token is short-lived, the application will likely store the username and password for future authentication attempts. Unfortunately, this defeats some of the benefit of this flow.
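The following is an added example, not code from the book, showing the token request this flow sends and a storage policy that keeps the password out of persistent state. It assumes a public client that identifies itself with client_id in the form body; the function names, client identifier and token responses are constructed for illustration.

```python
import json
from urllib.parse import urlencode

def build_password_grant(username, password, client_id, scope=None):
    """Form body the app POSTs to the token endpoint (RFC 6749, section 4.3.2)."""
    params = {"grant_type": "password", "username": username,
              "password": password, "client_id": client_id}
    if scope:
        params["scope"] = scope
    return urlencode(params)

def build_refresh_grant(refresh_token, client_id):
    """Form body for renewing access without touching the password again."""
    return urlencode({"grant_type": "refresh_token",
                      "refresh_token": refresh_token, "client_id": client_id})

def credentials_to_persist(token_response_json):
    """Return only what the app may keep after a successful token response.

    The password is never part of the result. If the provider issued no
    refresh_token, renewal is marked as requiring a new user prompt rather
    than falling back to a stored password.
    """
    resp = json.loads(token_response_json)
    if "access_token" not in resp:
        raise ValueError("token response has no access_token")
    stored = {"access_token": resp["access_token"],
              "expires_in": resp.get("expires_in")}
    if resp.get("refresh_token"):
        stored["refresh_token"] = resp["refresh_token"]
        stored["renewal"] = "refresh_token"
    else:
        stored["renewal"] = "reprompt_user"
    return stored

# Constructed sample responses (not captured from a real provider).
WITH_REFRESH = ('{"access_token": "constructed-at-1", "token_type": "bearer", '
                '"expires_in": 3600, "refresh_token": "constructed-rt-1"}')
WITHOUT_REFRESH = ('{"access_token": "constructed-at-2", "token_type": "bearer", '
                   '"expires_in": 300}')

if __name__ == "__main__":
    print(build_password_grant("alice", "example password", "demo-client"))
    for sample in (WITH_REFRESH, WITHOUT_REFRESH):
        print(credentials_to_persist(sample))
```
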