Simple OAuth Password Grant

This module re-implements the PasswordGrant for the Simple OAuth module.

This module only works with The Simple OAuth module version 6.0.x or greater!

Usage

To use this module, simply enable the Password grant type in your OAuth2 Consumer.

You can then obtain an access token by requesting it with the following payload:

{
  "grant_type": "password",
  "client_id": "__your-client-id__",
  "client_secret": "__your-client-secret__",
  "username": "drupal_username_or_email",
  "password": "drupal_password"
}

Important
The username can either be the Drupal username, or the Drupal user's email address!

Security Concerns

The PasswordGrant was part of the Simple OAuth module in Version 5 but got removed in Version 6 because the OAuth2 best current practices removed the PasswordGrant.

However, when using Drupal in a decoupled scenario as a pure backend, you can trust your frontend application.
For best user experience, the user must be able to input their login credentials on the Drupal frontend (which is decoupled), so the PasswordGrant makes sense here.

Supporting organizations:

wunderwerk.io

Development and maintenance

Project information

Project categories: Access control, Decoupled, Integrations
Ecosystem: Simple OAuth (OAuth2) & OpenID Connect
1,406 sites report using this module
Created by chfoidl on 8 February 2023, updated 19 September 2024
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.

Releases

2.1.0

released 7 March 2025

Works with Drupal: ^10.3 || ^11

Install:

Development version: 2.x-dev updated 7 Mar 2025 at 07:37 UTC

View all releases

Simple OAuth Password Grant

Primary tabs

Usage

Security Concerns

Project information

Releases

Maintainers

Issues for Simple OAuth Password Grant

All issues

Bug report

Statistics

Resources

Development

News items

Our community

Documentation

Drupal code base

Governance of community