### 4. Resource Owner Password Grant (Direct Authentication)
108
+
109
+
> [!WARNING]
110
+
> The Resource Owner Password Grant flow should **ONLY** be used by highly-trusted first-party applications where redirect-based flows cannot be used. This flow requires users to expose their credentials directly to the application.
111
+
>
112
+
> **Always prefer the Authorization Code Flow with PKCE** (interactive login above) for better security when possible.
113
+
114
+
For scenarios where redirect-based flows are not feasible, you can authenticate users directly with their username and password:
115
+
116
+
```python
117
+
from auth0_server_python.auth_types import TokenByPasswordOptions
118
+
119
+
# Basic password authentication
120
+
result =await auth0.get_token_by_password(
121
+
TokenByPasswordOptions(
122
+
username="user@example.com",
123
+
password="secure_password"
124
+
)
125
+
)
126
+
127
+
# Access the authenticated user
128
+
user = result["state_data"]["user"]
129
+
print(f"Logged in as: {user['email']}")
130
+
```
131
+
132
+
#### Server-Side IP Forwarding
133
+
134
+
When calling this endpoint from a server, you can forward the end-user's IP address for security and auditing purposes:
135
+
136
+
```python
137
+
# In a server-side application (e.g., FastAPI backend)
auth0_forwarded_for=client_ip # Forward the end-user's IP
148
+
)
149
+
)
150
+
return result
151
+
```
152
+
153
+
For more examples including realm specification and audience/scope usage, see [examples/ResourceOwnerPasswordGrant.md](examples/ResourceOwnerPasswordGrant.md).
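Review bot: The "Server-Side IP Forwarding" section (new lines 132-151) passes `auth0_forwarded_for=client_ip` "for security and auditing purposes", but the lines visible here do not say where `client_ip` must come from. If it is read from a request header that the caller controls, the forwarded address is whatever the client chooses to send, and the audit value is lost. Suggest adding one sentence stating that the address should be taken from the connection's peer address, or from a forwarding header only when it is set by a proxy the application trusts. Two smaller points in the first example: `result =await auth0.get_token_by_password(` (new line 120) is missing a space after `=`, and `user['email']` (new line 129) will raise `KeyError` for a profile without an email claim, so `user.get('email')` or a short note on the expected shape of `state_data` would be safer in copy-paste documentation. The example also shows only the success path; a line on what is raised when the credentials are rejected would help readers avoid treating an exception as a generic server error.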