...
Resource owner password / password
With a request owner password flow or simply password flow, you can request a token on behalf of the user. With this non-interactive flow, you simply send the username and the password of the user with the authorization request. But as this is a non-interactive flow, the username and password of the user most be gathered somehow, so this is mainly used in legacy applications where a user might enter username and password on the applications login mask rather than on the CoreOne Authentication Servers login form. It’s It's best practice to only use this flow as a way of migrating to a more appropriate flow like authorization code, implicit or hybrid flow.
...