Commit

password grant text update, #996 (comment)
Elar Lang committed Sep 20, 2024
1 parent 87fd989 commit a0d6cea
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion 5.0/en/0x51-V51-OAuth2.md
Expand Up @@ -90,7 +90,7 @@ Restricting token privileges ensures a Client is granted the proper access to a

### Resource Owner Password Credentials Grant

Aside from this grant type can leak credentials in more places than just the Authorization Server, adapting the Resource Owner password credentials grant to two-factor authentication, authentication with cryptographic credentials (e.g. WebCrypto, WebAuthn) and authentication processes that require multiple steps can be hard or impossible.
Aside from this grant type can leak credentials in more places than just the Authorization Server, adapting the Resource Owner password credentials grant to two-factor authentication, authentication with cryptographic credentials (e.g. WebCrypto, WebAuthn), and authentication processes that require multiple steps can be hard or impossible. This grant type is not recommended in general due to security concerns. Instead, use the authorization code grant with PKCE. This grant type is omitted from the OAuth 2.1 specification.

## OAuth 2.0 References

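Review bot: The added line still opens with the ungrammatical clause "Aside from this grant type can leak credentials", which the commit carries over unchanged apart from the serial comma; consider "Besides the fact that this grant type can leak credentials in more places than just the Authorization Server, ..." so the sentence parses. In the new sentences, "not recommended in general due to security concerns" is vaguer than the sentence before it, which already names the concerns (credential exposure outside the Authorization Server, no workable path to two-factor, WebAuthn or multi-step authentication), so it would read better tied to those, for example "For these reasons this grant type is not recommended." The closing claim that the grant is omitted from the OAuth 2.1 specification has no citation here; since the "OAuth 2.0 References" section follows directly, adding the OAuth 2.1 document there would let readers verify it.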

0 comments on commit a0d6cea
