"Password Credentials" grant_type and openid


Article ID: 251549




CA API Gateway


When we call the /openid/connect/v1/userinfo endpoint using a token obtained through the "Password Credentials" flow, the userinfo cannot be consumed, since it displays an expired claim token error.

Is the password credential flow compatible with openid?

It is possible to customize the userinfo endpoint so that it returns the user data using the password credentials flow.

Note: When using the authorization code flow it works correctly



Release : 10.0, 10.1

Component : OTK


The "Password Credentials" grant_type will not work with openid (not compatible).

According to the specification, it is possible only using grant_type "authorization_code" or "implicit".



grant_types_supported: OPTIONAL. JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports.
Dynamic OpenID Providers MUST support the authorization_code and implicit Grant Type values and MAY support other Grant Types. 
If omitted, the default value is ["authorization_code", "implicit"].

Note: Customizing the policy to use oob instead of openid is not recommended, because it does not use the openid scope specification as it is expected to be used.
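The default in the quoted specification text can be checked against a provider's discovery metadata before a client picks a flow. The following is an added example, not code from this article or from OTK; the discovery documents, the issuer URL and the function names are constructed for illustration, and `password` is the OAuth 2.0 grant_type value for the "Password Credentials" flow.

```python
import json

# Default from the quoted text, used when grant_types_supported is omitted.
DEFAULT_GRANT_TYPES = ["authorization_code", "implicit"]
# Grant types this article says work with the openid scope.
OPENID_GRANT_TYPES = {"authorization_code", "implicit"}

def advertised_grant_types(metadata):
    """Return the grant types an OP advertises, applying the default."""
    value = metadata.get("grant_types_supported")
    if value is None:
        return list(DEFAULT_GRANT_TYPES)
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise ValueError("grant_types_supported must be a JSON array of strings")
    return value

def preflight(metadata, grant_type, scope):
    """Return the problems with a planned flow; an empty list means none found."""
    problems = []
    if grant_type not in advertised_grant_types(metadata):
        problems.append(f"grant_type {grant_type!r} is not advertised by the OP")
    if "openid" in scope.split() and grant_type not in OPENID_GRANT_TYPES:
        problems.append(f"scope 'openid' requested with grant_type {grant_type!r}")
    return problems

# Constructed discovery documents (not taken from a real gateway).
OMITTED = json.loads('{"issuer": "https://gateway.example.com"}')
LISTED = json.loads(
    '{"issuer": "https://gateway.example.com",'
    ' "grant_types_supported": ["authorization_code", "implicit", "password"]}'
)

if __name__ == "__main__":
    for name, doc in (("omitted", OMITTED), ("listed", LISTED)):
        for grant, scope in (("password", "openid profile"),
                             ("authorization_code", "openid profile")):
            result = preflight(doc, grant, scope) or ["ok"]
            print(f"{name:8} {grant:20} {'; '.join(result)}")
```

Even when a provider lists `password` in its metadata, the second check still flags the combination with the `openid` scope, which is the case this article describes.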