Skip to content

Password Grant#

Janssen Server supports the password grant. At the same time, inline with OAuth 2.0 security best practices, this password grant should never be used in practice. OAuth 2.1 has removed this grant type.


A client can use the password grant if it is enabled in the configuration. An administrator can use TUI to enable password grant for a client.


Using the password grant involves sharing user credentials with a third-party application. This third-party app which has registered with Janssen Server as a client, will then use user-id/password credentials from the user to obtain an access token from Janssen Server.

Janssen Server also requires the client to authenticate itself based on the client configuration.

Since sharing user credentials with a third-party app is a security risk and against the basic purpose of OAuth, this grant type shall not be used.

Want to contribute?#

If you have content you'd like to contribute to this page in the meantime, you can get started with our Contribution guide.

Last update: 2023-08-03
Created: 2022-07-21