Large customers have requested to be able to access their energy usage information via the Green Button Connect My Data API interface. Although the current CMD API definitions only envisioned Third Parties accessing their customer's energy usage information, this does not seem to be an unreasonable request.
All CMD API interfaces require the usage of an OAuth 2.0 generated access token, which is created during the authorization process. Currently the only OAuth 2.0 authorization flows supported are "authorization_code", "client_credentials", and "refresh". Although a customer could use the "client_credentials" flow to obtain an access token, such a token provides more access than may be either needed or desired. The OAuth 2.0 specification defines a "Resource_password" authorization flow that allows individual account owners to obtain an access token by providing their clientID:secret and Username= / Password= in the authorization request.
Addition of the OAuth 2.0 "Resource_password" authorization flow would allow large customers to access the CMD API interfaces to extract their energy usage data.