Username-Password Flow

Username-Password Flow Diagram
  • Current recommendation from IETF is not to use this flow. A more secure alternative should be used in almost all scenarios (e.g. web server for user authentication or JWT bearer for server authentication)
  • The only circumstances this should be considered is where there is complete trust between all systems and networks. An example use case would be a user entering a password in real time on an internally managed client application which doesn't support a browser-based identity flow
Walkthrough and Additional Considerations (Apex Hours)

This Flow in Context
Diagram showing flow in context