Azure Active Directory with Password-Realm Grant

jhazucha · December 4, 2019, 10:17pm

I have been using Auth0 with the default Username-Password-Authentication Realm for awhile now and we are trying to migrate to using our Azure Active Directory. I figured this would be fairly straight forward and the grant type of password_realm would still be acceptable and we would just alter our realm to the name of the Azure Active Directory connector we created. Now when I hit the “Try” in the portal I am take to a Microsoft login box which authenticates just fine and takes me back to my Auth0 success page but when trying from the Auth0.js API or Postman I am only able to return “invalid_request” : “specified strategy does not support requested operation (undefined)”. I am posting the following information to the /oauth/token end point

grant_type - http://auth0.com/oauth/grant-type/password-realm
client_id - client_id for the Auth0 application that has not changed since previous
username - username of user
password - password of user
realm - name_of_azure_connector_in_portal

I am unsure exactly what I could be missing as I have been up and down the documentation for Azure Active Directory with Auth0 and its confusing as to why the portals “Try” test works successfully.

Any help would be greatly appreciated.

jhazucha · December 4, 2019, 10:45pm

Also if I try to use the realm like I previously had of Username-Password-Authentication but login with the full domain credentials (user@my-ad.domain.com) I get incorrect password errors and now it seems to have blocked that user completely with the following error. So I would imagine you must specify the correct realm and Auth0 does not automatically know which to use even though you specify it in the portal when creating the Azure AD Connection. Unless I am incorrect?

“error”: “too_many_attempts”,
“error_description”: “Your account has been blocked after multiple consecutive login attempts. We’ve sent you an email with instructions on how to unblock it.”

But I can login successfully with the users added to the portal under the “Users” tab.

ilyas-shah · April 21, 2020, 10:27am

@dan.woda Could anyone please respond to this thread? I am facing the same issue. Does this even possible?

Topic		Replies	Views
Oauth/token responds with error": "invalid_grant", "error_description": "Invalid username or password" for Azure AD Help auth0 , login , azure-ad	8	7775	March 9, 2020
Oauth/token api not working if realm is Azure AD connection Help azure-ad	4	4194	August 23, 2019
Azure AD integration with Password Grant returns error Help azure-ad , password-grant	2	6019	September 5, 2019
Resource Owner Password (with realm) through Auth0 with AzureAD (Enterprise connection) Help azure-ad , enterprise	0	2310	February 1, 2022
About setup authentication with grant-type/password-realm Help	3	9395	April 16, 2021

Azure Active Directory with Password-Realm Grant

Related Topics