Azure Active Directory with Password-Realm Grant

I have been using Auth0 with the default Username-Password-Authentication Realm for a while now and we are trying to migrate to using our Azure Active Directory. I figured this would be fairly straightforward and the grant type of password_realm would still be acceptable and we would just alter our realm to the name of the Azure Active Directory connector we created. Now when I hit the “Try” in the portal I am taken to a Microsoft login box which authenticates just fine and takes me back to my Auth0 success page, but when trying from the Auth0.js API or Postman I am only able to return “invalid_request” : “specified strategy does not support requested operation (undefined)”. I am posting the following information to the /oauth/token endpoint:

grant_type - http://auth0.com/oauth/grant-type/password-realm
client_id - client_id for the Auth0 application that has not changed since previous
username - username of user
password - password of user
realm - name_of_azure_connector_in_portal

I am unsure exactly what I could be missing as I have been up and down the documentation for Azure Active Directory with Auth0 and it's confusing as to why the portal's “Try” test works successfully.

Any help would be greatly appreciated.

Also, if I try to use the realm like I previously had of Username-Password-Authentication but log in with the full domain credentials (user@my-ad.domain.com) I get incorrect password errors and now it seems to have blocked that user completely with the following error. So I would imagine you must specify the correct realm and Auth0 does not automatically know which to use even though you specify it in the portal when creating the Azure AD Connection. Unless I am incorrect?

"error": "too_many_attempts",
"error_description": "Your account has been blocked after multiple consecutive login attempts. We've sent you an email with instructions on how to unblock it."

But I can log in successfully with the users added to the portal under the “Users” tab.


@dan.woda Could anyone please respond to this thread? I am facing the same issue. Is this even possible?
