Use this when your application authenticates users via the OAuth 2.0 Resource Owner Password Credentials (ROPC) grant. This flow exchanges a username and password directly for an access token, without a browser-based redirect.
The OAuth password grant is considered a legacy flow and is not recommended for new applications. If your app supports it, Mjolnir can use it for testing.
What to provide
Username: [email protected]
Password: YourTestPassword123
Token URL: https://auth.example.com/oauth/token
Client ID: your-client-id
Client Secret: your-client-secret (if required)
Scope: openid profile email
How it works
Mjolnir will POST to your token URL with the user’s credentials to obtain an access token, then use that token to authenticate API requests.
A typical token request looks like:
POST /oauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded

grant_type=password
&username=[email protected]
&password=YourTestPassword123
&client_id=your-client-id
&scope=openid profile email
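The request above is shown unencoded for readability; on the wire every form value must be URL-encoded. The following Python code is an added example, not Mjolnir's own: it builds the same password-grant request with correct encoding and validates the token response, which is a quick way to confirm a test account works before configuring it. The function names, the sample e-mail address and password, and sending the client secret via HTTP Basic are assumptions.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request


def build_ropc_request(token_url, username, password, client_id,
                       client_secret=None, scope=None):
    """Build (without sending) a password-grant token request (RFC 6749, section 4.3)."""
    form = {"grant_type": "password", "username": username, "password": password}
    if scope:
        form["scope"] = scope
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret:
        # Assumption: the server accepts confidential-client auth via HTTP Basic.
        pair = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode()
    else:
        form["client_id"] = client_id
    # urlencode() escapes '&', '=', '@' and spaces so the values cannot break the form.
    return Request(token_url, data=urlencode(form).encode(), headers=headers, method="POST")


def parse_token_response(status, body):
    """Return the bearer access token, or raise ValueError naming the OAuth error."""
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        raise ValueError(f"HTTP {status}: token endpoint did not return JSON") from None
    if not isinstance(payload, dict):
        raise ValueError(f"HTTP {status}: unexpected JSON shape")
    if status != 200 or "access_token" not in payload:
        raise ValueError(f"HTTP {status}: {payload.get('error', 'no access_token')}")
    if str(payload.get("token_type", "")).lower() != "bearer":
        raise ValueError(f"unsupported token_type {payload.get('token_type')!r}")
    return payload["access_token"]


if __name__ == "__main__":
    # Constructed sample values; the password contains characters that need escaping.
    req = build_ropc_request("https://auth.example.com/oauth/token",
                             "tester@example.com", "p&ss=word 1",
                             "your-client-id", scope="openid profile email")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    sample = '{"access_token": "constructed-token", "token_type": "Bearer"}'
    print(parse_token_response(200, sample))
```

To send the request, pass the returned object to `urllib.request.urlopen` and hand the response status and body to `parse_token_response`.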
Multiple users for role testing
If your application has multiple roles, add a separate test user for each role. Mjolnir will use them to test whether a lower-privileged user can access resources or perform actions restricted to a higher-privileged role.