Documentation
DocumentationDeveloperAcademyCommunitySupportLogin

OAuth 2.0 - Password Credentials

Suggest Edits

OAuth 2.0 Password Credentials is an authentication method that allows a user to exchange their username and password for an Access Token.

  • This Access Token can be used in subsequent requests to authenticate API calls, typically as a Bearer Token.
    When the Access Token expires, the user's credentials can be used to obtain a new one from the authorization server.
  • To set this up, choose Oauth2 from the Auth Config dropdown list.

Required Info for the connector.

OAuth 2.0 Client Credentials Basic Info

  • Oauth 2 Grant Type: This should be set to Password Grant

  • Client ID: This is where you input your actual Client ID value itself.

  • Client Secret: This is where you input your actual Client Secret value itself.

  • Password Grant Username: This is where you input your actual Username value itself.

  • Password Grant Password: This is where you input your actual Password value itself.

  • Oauth2 Token Url: This is where you input the full token URL.

Now we move on to adding the additional info in the connector.

OAuth 2.0 Client Credentials Additional Info
  • Oauth2 Client Authentication: This can be left blank.
    Moveworks will try making the request with both Basic Auth and Request Body Auth by default.
  • Header Auth Key, Header Auth Value Pattern, Oauth2 Custom Grant Type, Oauth2 Custom Oauth Request Options Custom Grant Type should all be left blank.
  • If needed, you can leverage Oauth2 Custom Oauth Request Options Additional Headers to send additional Headers needed for the request.
    • This is what your headers will look like:
    Client-Id: XXX
Client-Secret: YYY
Username: AAA
Password: BBB
    If you want to add any additional headers they'll get added to the headers: 
    Client-Id: XXX
Client-Secret: YYY
Username: AAA
Password: BBB
Customer-Header: Custom-Value
  • If needed, you can leverage Oauth2 Custom Oauth Request Options Additional Request Data to send additional body data needed for the request.
    • data is sent in x-www-form-urlencoded format in the body like so:
    curl --location 'URL' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=abcd-1234' \
--data-urlencode 'client_secret=secret123456' \
--data-urlencode 'Custom-body=abcde12345' \

Updated 22 days ago