OAuth password grant flow, OAuth resource owner password grant
00:00 What is the OAuth Password flow
01:25 Security issues with OAuth password grant
02:38 OAuth password grant vs client credentials grant
04:42 Conclusion

The OAuth Password Grant expects the client application to ask for a user's username and password and then exchange them for an access token. The OAuth working group no longer recommends this flow and recommends always using the Authorization code grant with PKCE instead. The reason is that the user's credentials now have one more place where they could leak, and in general people tend to trust the authorization server more than some third-party application which they cannot control.
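The two token requests compared above, as an added example that is not part of the original description: it builds the password grant body next to the authorization code grant with PKCE (S256) and reports which one carries the user's credentials through the client. The endpoint, client id, redirect URI and function names are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, parse_qs

# Constructed placeholders, not taken from the page.
AUTHORIZE_URL = "https://auth.example.com/authorize"
CLIENT_ID = "example-client"
REDIRECT_URI = "https://app.example.com/callback"

def password_grant_body(username, password):
    """Password grant token request: the client app itself collects and
    forwards the user's password to the token endpoint."""
    return urlencode({"grant_type": "password", "client_id": CLIENT_ID,
                      "username": username, "password": password})

def new_verifier():
    """Random PKCE code_verifier (43 URL-safe characters)."""
    return secrets.token_urlsafe(32)

def s256_challenge(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def authorization_url(verifier, state):
    """URL the browser is sent to; the user logs in at the authorization
    server, so the client application never sees the password."""
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256"})

def code_grant_body(code, verifier):
    """Authorization code grant token request: only the one-time code and
    the verifier are sent, proving this client started the flow."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
                      "code_verifier": verifier})

def credential_fields(body):
    """User-credential fields present in a token request body."""
    return sorted(set(parse_qs(body)) & {"username", "password"})

if __name__ == "__main__":
    v = new_verifier()
    print(authorization_url(v, secrets.token_urlsafe(16)))
    print(credential_fields(password_grant_body("alice", "constructed-pw")))
    print(credential_fields(code_grant_body("constructed-code", v)))
```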