Is Password Grant supported? #697

mqf20 · 2025-01-16T03:49:14Z

Thanks for this great library!

mqf20 · 2025-01-17T03:15:19Z

To provide some background to my request:

I understand that the OAuth 2.0 Password Grant is not recommended and will be removed from OAuth2.1.
However, this grant type allows developers to bootstrap OAuth2.0 with custom, third party authentication systems.

muhlemmer · 2025-01-17T14:23:31Z

We list supported protocols and grant types here: https://github.com/zitadel/oidc?tab=readme-ov-file#features. And no, it is not supported and we don't intend to support it for the reason you already wrote:

I understand that the OAuth 2.0 Password Grant is not recommended and will be removed from OAuth2.1.

However, this grant type allows developers to bootstrap OAuth2.0 with custom, third party authentication systems.

There are other grant types that allow for this:

Client Credentials: very similar to password grant, uses a secret in the client_secret form fields instead.
JWT Profile: uses a self-singed token as secret to authenticate.

mqf20 · 2025-01-17T15:10:47Z

Thanks for the explanation

hifabienne added this to Product Management Jan 16, 2025

muhlemmer closed this as not planned Won't fix, can't repro, duplicate, stale Jan 17, 2025

github-project-automation bot moved this to ✅ Done in Product Management Jan 17, 2025

muhlemmer added the question Further information is requested label Jan 17, 2025

Provide feedback