simple_oauth_password_grant

1,442 sites Security covered

This module re-implements the PasswordGrant for the Simple OAuth module.

This module only works with The Simple OAuth module version 6.0.x or greater!

Usage

To use this module, simply enable the Password grant type in your OAuth2 Consumer.

You can then obtain an access token by requesting it with the following payload:

{
  "grant_type": "password",
  "client_id": "__your-client-id__",
  "client_secret": "__your-client-secret__",
  "username": "drupal_username_or_email",
  "password": "drupal_password"
}

Important
The username can either be the Drupal username, or the Drupal user's email address!

Security Concerns

The PasswordGrant was part of the Simple OAuth module in Version 5 but got removed in Version 6 because the OAuth2 best current practices removed the PasswordGrant.

However, when using Drupal in a decoupled scenario as a pure backend, you can trust your frontend application.
For best user experience, the user must be able to input their login credentials on the Drupal frontend (which is decoupled), so the PasswordGrant makes sense here.

Version	Type	Release date
2.1.0	Stable	Mar 7, 2025

Version

Type

Release date

2.1.0

Stable

Mar 7, 2025

simple_oauth_password_grant

Usage

Security Concerns

Activity

Releases