| Unfortunately Hydra does not (and will not) support the resource owner password credentials (ROPC) grant (https://github.com/ory/hydra/pull/297#issuecomment-294282671). I'm no security expert, but to my understanding the ROPC grant makes sense for highly privileged applications, i.e. 1st party client applications (e.g. main app website, main native iOS client) as explained by http://oauthlib.readthedocs.io/en/latest/oauth2/grants/passw... I've been looking around in this space for OAuth and out-of-the-box auth alternatives. I've tried Kong's OAuth2 plugin (https://getkong.org/plugins/oauth2-authentication/), but after trying to integrate it, it felt like I had to write more code than necessary. I also had to configure a lot of APIs, and it felt clunky to manage them that way. I have also tried to play with http://anvil.io, but the authors are busy with another project (https://solid.mit.edu), so Anvil is taking a back seat. Even the Getting Started currently has known unfixed issues. I am heavily investigating http://www.keycloak.org/, and so far I am really impressed. However, to deploy you will need to delve into Wildfly/Java configurations. And of course, minimum 512MB to run any Java app on a node. Dex is also advertised as a solution, but it looks like the documentation could do with more information and improvements (https://github.com/coreos/dex). It doesn't seem easy to just take and run. Thanks to comments here, I might be looking at these next:
1. https://github.com/RichardKnop/go-oauth2-server
2. https://portier.github.io/ |