Merge pull request #124 from synapsestudios/122/changelog-and-docs

122/changelog and docs
synapsestudios · Oct 2, 2017 · 0df6823 · 0df6823
2 parents f5602c9 + f35b9b4
commit 0df6823
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,4 @@
+
+## [v1.3.1](https://github.com/synapsestudios/oidc-platform/compare/v1.3.0...release/v1.3.1) - 2017-10-2
+### Added
+- [#123](https://github.com/synapsestudios/oidc-platform/pull/123) Allow password grant type in database.
diff --git a/UPGRADE.md b/UPGRADE.md
@@ -0,0 +1 @@
+# UPGRADE
diff --git a/docs/implementation.md b/docs/implementation.md
@@ -259,6 +259,20 @@ Authorization: Basic ${base64Encode(clientId:clientSecret)}
 grant_type=client_credentials&scope=admin
 ```
 
+### Password Grant
+
+The password grant is used when an application is logging in on behalf of the user _without_ using any of the redirect workflows. This method requires your client app to collect the user's username and password and pass that along to the token endpoint which of course has security implecations. You should only use the password grant if the client app is controlled by you or is otherwise trusted. Make sure to use HTTPS to issue this request.
+
+#### Example token request
+
+```
+POST /op/token
+Host: ${providerDomain}
+Content-Type: application/x-www-form-urlencoded
+Authorization: Basic ${base64Encode(clientId:clientSecret)}
+grant_type=password&username=${username}&password={password}
+```
+
 ### Refresh Token
 
 TODO