simple_openid_connect.flows.direct_access_grant

The Direct Access Grant (or Resource Owner Password Credentials Grant).

Using this flow, a user's credentials (i.e. username and password) are sent directly to the OpenID issuer.

Warning

This way of exchanging credentials for tokens is considered legacy and is not recommended, but some app designs may still require it. The latest OAuth 2.0 Security Best Current Practices even disallows the password grant entirely.

Functions

authenticate(token_endpoint, scope, ...)

Exchange a given username and password for access, refresh and id tokens.

simple_openid_connect.flows.direct_access_grant.authenticate(token_endpoint: str, scope: str, username: str, password: str, client_authentication: ClientAuthenticationMethod) → TokenSuccessResponse | TokenErrorResponse

Exchange a given username and password for access, refresh and id tokens.

Parameters:
  • token_endpoint – The endpoint of the OP at which tokens can be exchanged. Corresponds to ProviderMetadata.token_endpoint.

  • scope – The scope requested by the application.

  • username – Username of the user who should be authenticated.

  • password – Password of the user who should be authenticated.

  • client_authentication – A way for the client to authenticate itself.

Returns:

The result of the exchange
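
The following is an added example, not code from simple_openid_connect: it builds the token request that RFC 6749 section 4.3.2 defines for this grant, with client_secret_basic client authentication, to show where the user's password travels and how to keep it out of logs. The function names `build_password_grant_request` and `redact_for_log`, the endpoint and the credentials are constructed for illustration; the library's own request construction may differ.

```python
import base64
from urllib.parse import parse_qsl, quote_plus, urlencode, urlsplit

SENSITIVE_FIELDS = {"password", "client_secret"}


def build_password_grant_request(token_endpoint, scope, username, password,
                                 client_id, client_secret):
    """Return (headers, body) for an RFC 6749 section 4.3.2 token request."""
    parts = urlsplit(token_endpoint)
    # The body carries the user's password, so refuse cleartext transport.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("token endpoint must be an https:// URL")
    # client_secret_basic: form-urlencode id and secret, then base64 the pair
    # (RFC 6749 section 2.3.1).
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": scope,
    })
    return headers, body


def redact_for_log(headers, body):
    """Copy of the request that is safe to write to logs or traces."""
    safe_headers = {k: "REDACTED" if k.lower() == "authorization" else v
                    for k, v in headers.items()}
    safe_fields = [(k, "REDACTED" if k in SENSITIVE_FIELDS else v)
                   for k, v in parse_qsl(body, keep_blank_values=True)]
    return safe_headers, urlencode(safe_fields)


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real provider.
    hdrs, form = build_password_grant_request(
        "https://op.example/token", "openid profile",
        "alice", "p@ss word&x=1", "my-client", "s3cr3t")
    print(redact_for_log(hdrs, form))
```

Because the password is an ordinary form field in the request body, any proxy, debug logger or trace exporter that records request bodies will capture it unless it is redacted first.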
