OAuth2 Resource Owner Password Flow with vanilla JavaScript

example.js

// Please avoid "password" flow at all cost, it has been officially deprecated
// https://tools.ietf.org/html/draft-ietf-oauth-security-topics-15#section-2.4
// But, if you must use it, here's a simple way to do so:

async function getTokenResponse(clientId, identityServerUrl, username, password) {
  const response = await fetch(identityServerUrl + "/connect/token", {
    method: "POST",
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
    },
    body: new URLSearchParams({
      "grant_type": "password",
      "client_id": clientId,
      "username": username,
      "password": password,
    }),
  });

  const json = await response.json();
  console.log(json); // json.access_token should contain the actual token
  return JSON.stringify(json, null, 2);
}