Methods, apparatuses, systems, and computer-readable mediums for sharing user credentials in federated authentication are described herein. An identity provider may receive a user credential from a user device. The identity provider may receive, from a relying party, a request for an access token. The identity provider may encrypt the user credential based on a nonce that is uniquely generated for the relying party. The identity provider may send a response to the relying party. The response may include the access token, the encrypted user credential, and the nonce.