From the course: Web Security: OAuth and OpenID Connect (2019)
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
When Should I use this?
From the course: Web Security: OAuth and OpenID Connect (2019)
When Should I use this?
- [Instructor] Based on the simple fact that the Resource Owner Password Flow defeats the entire purpose of OAuth when should you use it? In short, you should almost never use it. In fact, instead of treating it as a good choice you should treat it as a last option. As in there are no other better approaches available and this is all you have left. But, I'll be more specific and ask the vitally important question: Why is the Resource Owner Password Flow even part of OAuth? The Resource Owner Password grant type was written into OAuth specifically out of pragmatism. The designers of OAuth knew developers would have to integrate with legacy applications that expected a username and password. But by implementing this grant type you can bridge between those legacy systems and OAuth to implement new and better security practices. Fundamentally, you're getting your old application to learn and speak OAuth. Therefore, you…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.