From e472eededabdca322827859731ef0bd922de73aa Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Wed, 8 Jun 2016 06:10:13 +0200 Subject: [PATCH] Added example to use direct grant --- topics/oidc/oidc-generic.adoc | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/topics/oidc/oidc-generic.adoc b/topics/oidc/oidc-generic.adoc index 9c9fd6c89b..98bc456da6 100644 --- a/topics/oidc/oidc-generic.adoc +++ b/topics/oidc/oidc-generic.adoc @@ -133,10 +133,28 @@ There are a number of limitations of using this flow, including: * No support for identity brokering or social login * Flows are not supported (user self-registration, required actions, etc.) +For a client to be permitted to use the Resource Owner Password Credentials grant the client has to have `Direct Access Grants Enabled` enabled. + This flow is not included in OpenID Connect, but is a part of the OAuth 2.0 specification. For more details refer to the https://tools.ietf.org/html/rfc6749#section-4.3[Resource Owner Password Credentials Grant] chapter in the OAuth 2.0 specification. +===== Example using CURL + +The following example shows how to obtain an access token for a user in the realm `master` with username `user` and password `password`. The example is using +the confidential client `myclient`: + +[source,bash] +---- +curl \ + -d "client_id=myclient" \ + -d "client_secret=40cc097b-2a57-4c17-b36a-8fdf3fc2d578" \ + -d "username=user" \ + -d "password=password" \ + -d "grant_type=password" \ + "http://localhost:8080/auth/realms/master/protocol/openid-connect/token" +---- + ==== Client Credentials Client Credentials is used when clients (applications and services) wants to obtain access on behalf of themselves rather than on behalf of a user. This can
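Review bot: In the added curl example, the `client_secret` line carries a UUID-shaped value that looks like a secret generated by a real server. Readers tend to copy documentation examples verbatim, so use an obvious placeholder such as `<client-secret>` and state that it must be replaced with the client's own secret. The example also sends the user's password and the client secret to a plain `http://localhost:8080` URL and passes them as `-d` arguments, which end up in shell history. A sentence after the block saying this is for a local test server, and that the token endpoint should be reached over HTTPS elsewhere, would cover that. Two wording points in the same hunk: "has to have `Direct Access Grants Enabled` enabled" repeats itself and would read better as "has to have the `Direct Access Grants Enabled` option turned on", and the heading should use the tool's own spelling, "curl", rather than "CURL".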