Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). Varbase Media Header 9.2.1 Minor update available for module varbase_media_header (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

This module adds back the "password grant" type for the Simple OAuth module. It allows applications to request an access token by sending user credentials directly, which can be useful for decoupled Drupal setups where the frontend is trusted.

This module re-implements the PasswordGrant for the Simple OAuth module.

This module only works with The Simple OAuth module version 6.0.x or greater!

Usage

To use this module, simply enable the Password grant type in your OAuth2 Consumer.

You can then obtain an access token by requesting it with the following payload:

{
  "grant_type": "password",
  "client_id": "__your-client-id__",
  "client_secret": "__your-client-secret__",
  "username": "drupal_username_or_email",
  "password": "drupal_password"
}

Important
The username can either be the Drupal username, or the Drupal user's email address!

Security Concerns

The PasswordGrant was part of the Simple OAuth module in Version 5 but got removed in Version 6 because the OAuth2 best current practices removed the PasswordGrant.

However, when using Drupal in a decoupled scenario as a pure backend, you can trust your frontend application.
For best user experience, the user must be able to input their login credentials on the Drupal frontend (which is decoupled), so the PasswordGrant makes sense here.

Activity

Total releases
1
First release
Mar 2025
Latest release
1 year ago
Releases (12 mo)
0 ▼ from 1
Maintenance
Dormant

Releases

Version Type Release date
2.1.0 Stable Mar 7, 2025