Grant type 'http://auth0.com/oauth/legacy/grant-type/ro' not allowed for the client.

We are in the process of deploying auth0 for our application. During testing, with an account created a couple months ago we had no issues. But with new accounts created on 6/13 we’re seeing different behavior. In particular, the issue we’re seeing is when trying to use the AuthenticationClient.database.signIn method in your node sdk:

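const { AuthenticationClient } = require("auth0");

const c = new AuthenticationClient({
  clientId: "BCMjqx1XTd9mtBZ4Y6QUvd4E77toKOO1",
  clientSecret: "<redacted>",
  domain: "somedomain.auth0.com"
});

// Database-connection login; the SDK sends this to /oauth/ro
c.database.signIn({
  username: "someuser@test.com",
  password: "<redacted>"
});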

Upon calling signIn I get the following error:

APIError: {
  "error":"unauthorized_client",
  "error_description":"Grant type 'http://auth0.com/oauth/legacy/grant-type/ro' not allowed for the client.",
  "error_uri":"https://auth0.com/docs/clients/client-grant-types"
}

I added some debugging to the sdk and here are the details of the rest call being made:

{ url: 'https://somedomain.auth0.com/oauth/ro',
  method: 'POST',
  data:
   { client_id: 'BCMjqx1XTd9mtBZ4Y6QUvd4E77toKOO1',
     grant_type: 'password',
     scope: 'openid',
     username: 'someuser@test.com',
     password: '<redacted>',
     connection: 'Username-Password-Authentication' }
}

Everything seems to be set up the same between the functioning and non-functioning accounts. We assume the problem stems from the grant changes that were made on 6/7 but we haven’t been able to come up with a solution in this case.

Thanks!

Take a look at the following related post: Error "Grant type 'password' not allowed for the client." for Resource Owner Password flow - Auth0 Community

I did review that post but as the error we’re getting is about a “legacy” grant that we cannot apply, I’m not certain how we can proceed. Is the AuthenticationClient.database.signIn method still viable?

I have the exact same issue.

Hey @nightcrawlermathius, we found a workaround yesterday. Rather than use the sdk’s AuthenticationClient.database.signIn method (which appears to be broken for all accounts created after 6/7/2017), we implemented our own rest call which uses the new “password” grant type:

https://auth0.com/docs/api-auth/tutorials/password-grant#ask-for-a-token

In order for this to work you’ll have to patch the client (via the Management API) to add the “password” grant to your client as described here:

For those that are using react-native-lock, check out this issue: Grant type 'http://auth0.com/oauth/legacy/grant-type/ro' not allowed for the client. · Issue #165 · auth0/react-native-lock · GitHub

Basically: there’s nothing you can do unless you build your own UI.
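
The workaround described in the thread, as an added example that is not from any post or from the Auth0 SDK: it builds the Management API request that adds the “password” grant to a client without dropping its existing grants, the /oauth/token request that replaces the /oauth/ro call, and a log-safe copy for debugging like that shown in the question. The function names and the client ID placeholder are hypothetical; it assumes Node 18+ (global fetch), a Management API token allowed to update clients, and that the client's current grant_types were read beforehand.

```javascript
// Added example: request builders for the workaround (names are hypothetical).
const PASSWORD_GRANT = 'password';

// PATCH replaces the whole grant_types array, so merge with the current
// grants instead of sending ["password"] alone; the Set avoids duplicates.
function buildGrantTypesPatch(domain, clientId, currentGrants, mgmtToken) {
  const grantTypes = Array.from(new Set([...currentGrants, PASSWORD_GRANT]));
  return {
    url: `https://${domain}/api/v2/clients/${encodeURIComponent(clientId)}`,
    method: 'PATCH',
    headers: { Authorization: `Bearer ${mgmtToken}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({ grant_types: grantTypes }),
  };
}

// Token request sent to /oauth/token in place of the legacy /oauth/ro call.
function buildPasswordGrantRequest(domain, opts) {
  const { clientId, clientSecret, username, password, audience, scope = 'openid' } = opts;
  const data = { grant_type: PASSWORD_GRANT, client_id: clientId, username, password, scope };
  if (clientSecret) data.client_secret = clientSecret; // confidential clients only
  if (audience) data.audience = audience;
  return { url: `https://${domain}/oauth/token`, method: 'POST',
    headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(data) };
}

// Copy of a request that is safe to print while debugging: no password,
// client secret or bearer token. The original request is left untouched.
function redactForLog(req) {
  const body = JSON.parse(req.body || '{}');
  for (const k of ['password', 'client_secret']) if (k in body) body[k] = '<redacted>';
  const headers = { ...req.headers };
  if (headers.Authorization) headers.Authorization = 'Bearer <redacted>';
  return { ...req, headers, body };
}

// Sends a built request; on failure throws with the API's error fields.
async function send(req) {
  const res = await fetch(req.url, req);
  const json = await res.json();
  if (!res.ok) throw new Error(`${json.error}: ${json.error_description}`);
  return json;
}

// Constructed sample values; nothing is sent here, only built and printed.
const demo = buildPasswordGrantRequest('somedomain.auth0.com', {
  clientId: 'CLIENT_ID_PLACEHOLDER', username: 'someuser@test.com', password: 'sample-password' });
console.log(redactForLog(demo));
```

Call send(buildGrantTypesPatch(...)) once per client, then send(buildPasswordGrantRequest(...)) for each login.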
