7.4. Logging in with a username and password

To log in with a username and password, the following happens:

  • Username and password are sent to the server
  • The server verifies both
  • The user receives an OAuth token which he uses for further requests

The process is exactly the same as with private key authentication, but the challenge does not need to be requested.

Example:

Request the token:

# Log in with username and password
# username is the user’s email address
# Password is the users password
curl -s https://client_id:[email protected]/oauth/token/ \
     --data="scope=read%20write&[email protected]&password=hunter42&grant_type=password"

Response:

{
    // Token expiry time, in seconds
    "expires_in": 600,
    // Refresh token
    "refresh_token": "cU8PqVszJXX8A3bzFWKjMUfJK3nXXB",
    // Access token to be used in Authentication: Bearer <token>
    "access_token": "WlMxwPLaAG3krmvJxyzkSiVgIGaPIdH",
    // Token type. Currently only “Bearer” is available
    "token_type": "Bearer",
    "scope": "read write"
}