I'm new to this community and Auth0, so sorry if I'm posting this in the wrong forum section.
I have integrated our company's Azure AD with Auth0 for some testing. I'm able to generate tokens for users correctly using the Implicit grant. However, when I try the Password grant flow, it fails.
# Token endpoint taken from the Host header below; the 405-byte form body
# (content-length: 405) was not included in the original post.
curl -X POST https://javierholguera.eu.auth0.com/oauth/token \
  -H 'Accept: */*' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Host: javierholguera.eu.auth0.com' \
  -H 'Postman-Token: f67c8935-85b2-4029-9411-cd14b32b679c,c86403a1-cbb8-4e85-b842-96740d45e4da' \
  -H 'User-Agent: PostmanRuntime/7.11.0' \
  -H 'accept-encoding: gzip, deflate' \
  -H 'cache-control: no-cache' \
  -H 'content-length: 405'
The error that I get back is:
"error_description": "AADSTS90009: Application '17837d71-23e2-48d7-bc8c-b551d2a3f69e'(17837d71-23e2-48d7-bc8c-b551d2a3f69e) is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier.\r\nTrace ID: 1a20622f-f6aa-4243-8426-6d38e1311200\r\nCorrelation ID: bb0255e2-5449-4243-8ade-adce03706957\r\nTimestamp: 2019-05-10 09:55:36Z"
Browsing around, it seems like the problem might be Auth0 not sending the "resource" parameter with the client_id instead of the App ID URI. See: https://stackoverflow.com/questions/42006468/oauth-2-0-and-azure-active-directory-error-aadsts90009
"This error is saying that the field you provided in the resource parameter is requesting tokens for itself. In the case you do want to get a token for the app specified in the client_id, then you have to pass the client_id in the resource field rather than the app ID URI. At which point you will receive an access token for self."
I've tried configuring my client_id value in Auth0 -> AD settings -> App ID URI with the value "api://17837d71-23e2-48d7-bc8c-b551d2a3f69e", because it wouldn't take the client_id alone (not a valid URI), and configured it in Azure AD as well, but it is still not working.
Any idea how to fix this?
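An added helper, not part of the original post or of Auth0's own code, that parses an AADSTS error_description into its code, message, Trace ID and Correlation ID (the IDs are what you correlate against the Azure AD sign-in logs) and checks, offline, whether a given `resource` value will trip AADSTS90009 for a self-token request. It assumes the client ID and App ID URI quoted in the post; `is_guid`, `parse_aadsts_error` and `check_self_token_resource` are names chosen here.

```python
import re
import uuid

# Values copied from the post above; the error text is a constructed sample, not live output.
CLIENT_ID = "17837d71-23e2-48d7-bc8c-b551d2a3f69e"
APP_ID_URI = "api://" + CLIENT_ID
SAMPLE_ERROR = (
    "AADSTS90009: Application '17837d71-23e2-48d7-bc8c-b551d2a3f69e'"
    "(17837d71-23e2-48d7-bc8c-b551d2a3f69e) is requesting a token for itself. "
    "This scenario is supported only if resource is specified using the GUID "
    "based App Identifier.\r\nTrace ID: 1a20622f-f6aa-4243-8426-6d38e1311200"
    "\r\nCorrelation ID: bb0255e2-5449-4243-8ade-adce03706957"
    "\r\nTimestamp: 2019-05-10 09:55:36Z"
)

AADSTS_RE = re.compile(
    r"^(?P<code>AADSTS\d+):\s*(?P<message>.*?)\s*"
    r"(?:\r?\nTrace ID:\s*(?P<trace_id>\S+))?"
    r"(?:\r?\nCorrelation ID:\s*(?P<correlation_id>\S+))?"
    r"(?:\r?\nTimestamp:\s*(?P<timestamp>.+))?$",
    re.S,
)

def parse_aadsts_error(description):
    """Split an Azure AD error_description into code, message and the IDs used for log correlation."""
    m = AADSTS_RE.match(description.strip())
    if not m:
        return None
    return {k: (v.strip() if v else None) for k, v in m.groupdict().items()}

def is_guid(value):
    """True only for a canonical hyphenated GUID, the form Azure AD accepts as the app identifier."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def check_self_token_resource(client_id, resource, app_id_uris=()):
    """Return (ok, reason) for a v1 token request whose resource may name the caller itself.

    A token for the requesting app is only issued when resource is the bare GUID;
    any App ID URI of the same app (e.g. api://<guid>) yields AADSTS90009.
    """
    if resource.lower() == client_id.lower() and is_guid(resource):
        return True, "resource is the GUID app identifier; self-token request is allowed"
    if resource.lower() in {u.lower() for u in app_id_uris}:
        return False, "AADSTS90009 expected: self-token request must use the GUID, not an App ID URI"
    return True, "resource names a different application; not a self-token request"

if __name__ == "__main__":
    print(parse_aadsts_error(SAMPLE_ERROR))
    print(check_self_token_resource(CLIENT_ID, APP_ID_URI, [APP_ID_URI]))
```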