How to use the password grant?

[adhikari-suman]

I am trying to use the password grant to login the user. The API hosts both oauth2 server and resource api in same backend api.

When I send the POST request to /token, I get the below response. I am using the default example that is provided for now but I'm using the password grant instead of client_credentials grant.

{
    "error": "access_denied",
    "error_description": "The resource owner or authorization server denied the request"
}

[jarlandre]

have you used SetPasswordAuthorizationHandler?

[jhoffmann]

I'm having the same issue. I was able to get a token, but only by providing both the username=test&password=test url params as well as the Authorization: Basic header. What's even stranger, is the two didn't even need to match!