Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
OAuth2 Resource Owner Password Flow with vanilla JavaScript
// Please avoid "password" flow at all cost, it has been officially deprecated
// https://tools.ietf.org/html/draft-ietf-oauth-security-topics-15#section-2.4
// But, if you must use it, here's a simple way to do so:
async function getTokenResponse(clientId, identityServerUrl, username, password) {
const response = await fetch(identityServerUrl + "/connect/token", {
method: "POST",
headers: {
'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
},
body: new URLSearchParams({
"grant_type": "password",
"client_id": clientId,
"username": username,
"password": password,
}),
});
const json = await response.json();
console.log(json); // json.access_token should contain the actual token
return JSON.stringify(json, null, 2);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment