Does Stormpath Support OAuth?

Yes! Use Stormpath to securely generate, manage, check, and revoke both OAuth access and refresh tokens. The following OAuth 2.0 authorization grant types are currently supported:

  1. Password Grant Type: Grants the ability to get an Access Token based on a login and password.
  2. Refresh Grant Type: Grants the ability to generate another Access Token based on a special Refresh Token.
  3. Client Credentials Grant Type: Supported through our API Key Management feature and grants the ability to exchange an API Key for the Access Token.

You can read the full guide to using Stormpath for OAuth 2.0 token management here.

In addition, Stormpath Social Login accepts OAuth tokens from Google and Facebook to retrieve social user profiles and create valid Stormpath Accounts. This allows developers to build robust user profiles on top of the original social profile. It also enables end-users to create a password for your application. Check out our full guide to OAuth for Social Login here.

You can reach us with any Stormpath OAuth questions at or by submitting a ticket above.

Have more questions? Submit a request


1 comment
  • We do not currently support OAuth, but do plan to support it in the future. If OAuth integration would be helpful for you, we’d love to hear your use case in the comments or at

Please sign in to leave a comment.