Drupal is a registered trademark of Dries Buytaert
cva Module cva crossed 1,000 active installs. ai_dashboard Module ai_dashboard crossed 1,000 active installs.
← All modules

simple_oauth_password_grant

1,266 sites Security covered
View on drupal.org

This module re-implements the PasswordGrant for the Simple OAuth module.

This module only works with The Simple OAuth module version 6.0.x or greater!

Usage

To use this module, simply enable the Password grant type in your OAuth2 Consumer.

You can then obtain an access token by requesting it with the following payload:

{
  "grant_type": "password",
  "client_id": "__your-client-id__",
  "client_secret": "__your-client-secret__",
  "username": "drupal_username_or_email",
  "password": "drupal_password"
}

Important
The username can either be the Drupal username, or the Drupal user's email address!

Security Concerns

The PasswordGrant was part of the Simple OAuth module in Version 5 but got removed in Version 6 because the OAuth2 best current practices removed the PasswordGrant.

However, when using Drupal in a decoupled scenario as a pure backend, you can trust your frontend application.
For best user experience, the user must be able to input their login credentials on the Drupal frontend (which is decoupled), so the PasswordGrant makes sense here.

Activity

Total releases
1
First release
Mar 2025
Latest release
11 months ago
Release cadence
Stability
100% stable

Releases

Version Type Release date
2.1.0 Stable Mar 7, 2025