Properly implement Resource Owner Password Grant

john.gateley · June 16, 2022, 2:25pm

Joke: how do you properly implement Resource Owner Password Grant? Don’t! Use Auth Code instead.
Sorry, not funny to anyone but me I bet.

ROPG is an anti-pattern, it is not recommended.

I would suggest either Auth Code or Auth Code + PKCE, depending on if you do the token exchange in the Angular front end or the .Net backend (use PKCE for the front end exchange).

Use Auth0’s CNAME feature so that even though you are redirecting to Auth0, the domain name belongs to you.

I hope this helps.

John

Topic		Replies	Views
Help with Authorization flow choice for Angular SPA & Spring API Get Help auth0 , api , api-authorization , flow	3	4011	August 26, 2019
Custom or Embedded login in SPA possible with Implicit Flow? Get Help custom-login , embedded-lock	3	5377	December 22, 2018
Implicit grant using Auth0 Get Help auth0-server , oauth , implicit-grant	4	4934	March 2, 2018
Newbie question: Which OAuth 2.0 Flow? Get Help	11	3639	October 6, 2020
How to properly login with database connection in a SPA? Get Help database , auth0js , login	2	4355	March 2, 2018

Properly implement Resource Owner Password Grant

Related topics