Authorization Grant Types


we're integrating Sugar CRM with our product to import and push data, we're planning on using the REST API. My question is that the authentication flow requires us to get the username and password from the user into our client(Password grant type). Because the client application has to collect the user's password and send it to the authorization server, it is not recommended that this grant be used at all anymore, kind of defeats the purpose of OAuth.

Are there any solutions for 3 legged OAuth flows for on-site sugar instances?

Has anyone used Okta for this(or sugar Identity)? has anyone used sugarCRM API's accessing from okta(not directly to the sugarCRM) ?


the sugar version we're using is v9.0