---
title: OAuth 2.0 - Password Credentials
excerpt: ''
deprecated: false
hidden: false
metadata:
  title: ''
  description: ''
  robots: index
next:
  description: ''
---
OAuth 2.0 Password Credentials is an authentication method that allows a user to exchange their username and password for an Access Token.

* This Access Token can be used in subsequent requests to authenticate API calls, typically as a Bearer Token.\
  When the Access Token expires, the user's credentials can be used to obtain a new one from the authorization server.
* To set this up, choose `Oauth2` from the **Auth Config** dropdown list.

Required Info for the connector.

![](https://files.readme.io/1af39efc4c75a336d871761a2350e1cefd2e33f1d75777cc8124425aceaa1743-passwordgrant_part1.png)

* `Oauth 2 Grant Type`: This should be set to `Password Grant`

* `Client ID`: This is where you input your actual Client ID value itself. 

* `Client Secret`: This is where you input your actual Client Secret value itself. 

* `Password Grant Username`: This is where you input your actual Username value itself.

* `Password Grant Password`: This is where you input your actual Password value itself. 

* `Oauth2 Token Url`: This is where you input the ***full*** token URL.

Now we move on to adding the additional info in the connector.

![](https://files.readme.io/d6ff8c8b27e53f1c8e3de29dd986067d14f0f7feb558128a5923b006b5314f43-oauth2part2_2.png)

* `Oauth2 Client Authentication`: This can be left blank.\
  Moveworks will try making the request with both Basic Auth and Request Body Auth by default.
* `Header Auth Key`, `Header Auth Value Pattern`, `Oauth2 Custom Grant Type`, `Oauth2 Custom Oauth Request Options Custom Grant Type` should all be left blank.
* If needed, you can leverage `Oauth2 Custom Oauth Request Options Additional Headers` to send additional Headers needed for the request.
  * This is what your headers will look like:
  ```
  Client-Id: XXX
  Client-Secret: YYY
  Username: AAA
  Password: BBB
  ```
    If you want to add any additional headers they'll get added to the headers:
  ```
  Client-Id: XXX
  Client-Secret: YYY
  Username: AAA
  Password: BBB
  Customer-Header: Custom-Value
  ```
* If needed, you can leverage `Oauth2 Custom Oauth Request Options Additional Request Data` to send additional body data needed for the request.
  * data is sent in **x-www-form-urlencoded** format in the body like so:
  ```json
  curl --location 'URL' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_id=abcd-1234' \
  --data-urlencode 'client_secret=secret123456' \
  --data-urlencode 'Custom-body=abcde12345' \
  ```