Overview
When using Cypress to log in with cy.origin(), the error invalid_grant appears in Postman with the error description Wrong email or password. As the Resource Owner Password Flow is used, a database connection stores the test user’s credentials, but the user is not found in the connection used for authentication.
Applies To
- Cypress
- Resource Owner Password Flow
- Database Connections
- API Authorization Settings
- Default Directory
- Realm Support
- User Directory Mapping
Cause
The credentials used for the login attempt do not belong to a user in the connection used for the authentication process. They are a user in a different connection. The “default_directory” value is set to the name of the connection to be used for Password Grant exchanges. The test user’s credentials are not stored in this connection, which makes retrieving their email and password impossible with the current configuration.
Solution
Solution 1
- Go to the Auth0 dashboard and navigate to your tenant Settings > General > API Authorization Settings.
- Replace the Default Directory value with the connection that should be used for Password Grant exchanges.
- Click Save.
Solution 2
- According to Auth0 official documentation: “Auth0 provides an extension grant that offers similar functionality to the Resource Owner Password grant, but allows you to keep separate user directories (which map to separate connections) and specify which one to use during the flow.”
Related References
- For more information, refer to Cypress documentation - Login with cy.origin()