What are the requirements to support the resource owner password credentials grant? - c06360219

When supporting legacy print methods like Airprint and IPP, SSO is not supported in the same way. There is no form-based authentication option so we must enable a specific flow to support this, called resource owner password flow. To support this workflow the user does need to share full credentials with PrinterOn , but we will not store this information, we just use it to gain an access token which is then used to verify the user. User sends their username and password with the request (this would be encrypted at the iOS level) and PrinterOn requests an access token from the iDM token endpoint with the user's credentials. That token is then used to access the userinfo endpoint to validate the user. So PrinterOn still never holds onto the username/password, we just have the access token.

iDM requirements:

Resource owner password flow to support legacy print methods like AirPrint and IPP requires " grant_type " of "password" be allowed on the token endpoint. Ping specifically requires the administrator to enable the Resource Owner Password grant, and then also set a Credentials mapping for the option. If a credentials mapping has not been set, you will find that users cannot authenticate via legacy print methods like AirPrint and IPP.

NOTE:

Applies to PrinterOn Enterprise 4.x and later.