Earlier we created our own password grant type, in which the user sent their username and password over the wire for our server to validate and then received an access token. That works, but we would like to stop users from sending their username and password over the wire. To achieve that, in this tutorial we will create a new grant type, the Facebook grant type, in which the user obtains an access token from the Facebook OAuth server and sends it to our server. We will validate that access token and then issue the user an access token of our own, which they can use to access resources on our server. As you can see, at no point in this process does the user need to send their username and password to our server.
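One way the server-side exchange described above could look, as an added example that is not code from this tutorial. The `facebook` grant name, the `access_token` parameter, `inspect_token` and `find_or_create_user` are hypothetical, and the inspection result is assumed to carry `is_valid`, `app_id`, `user_id` and `expires_at` (Unix time) fields.

```python
import secrets
import time

APP_ID = "1234567890"   # constructed placeholder for our own Facebook app id
ISSUED = {}             # in-memory store: our access token -> local user id

# Constructed sample inspection results (assumed response shape, not real data).
SAMPLE_INSPECTIONS = {
    "fb-good": {"is_valid": True, "app_id": "1234567890",
                "user_id": "fb-1001", "expires_at": 2_000_000_000},
    "fb-other-app": {"is_valid": True, "app_id": "5550000000",
                     "user_id": "fb-1001", "expires_at": 2_000_000_000},
    "fb-expired": {"is_valid": True, "app_id": "1234567890",
                   "user_id": "fb-1001", "expires_at": 1_000},
}

class GrantError(Exception):
    """Rejected token request; `code` is the OAuth 2.0 error code to return."""
    def __init__(self, code, description):
        super().__init__(description)
        self.code = code

def sample_inspect(token):
    """Hypothetical stand-in for the call that asks Facebook about a token."""
    return SAMPLE_INSPECTIONS.get(token, {"is_valid": False})

def facebook_grant(params, inspect_token, find_or_create_user, now=None):
    """Exchange a Facebook access token for an access token of our own."""
    now = time.time() if now is None else now
    if params.get("grant_type") != "facebook":      # hypothetical grant name
        raise GrantError("unsupported_grant_type", "expected grant_type=facebook")
    fb_token = params.get("access_token")           # hypothetical parameter name
    if not fb_token:
        raise GrantError("invalid_request", "missing Facebook access token")
    info = inspect_token(fb_token)
    if not info.get("is_valid"):
        raise GrantError("invalid_grant", "Facebook does not accept this token")
    # The token must have been issued to our app, not to some other app.
    if str(info.get("app_id")) != APP_ID:
        raise GrantError("invalid_grant", "token was issued to a different app")
    if info.get("expires_at", 0) <= now:
        raise GrantError("invalid_grant", "Facebook token has expired")
    # Map the Facebook identity to a local account; no password is involved.
    user_id = find_or_create_user(info["user_id"])
    token = secrets.token_urlsafe(32)
    ISSUED[token] = user_id
    return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}
```

In a real deployment `inspect_token` would call Facebook over HTTPS; it is injected here so the checks can be exercised offline.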