Unable to use Password Realm Grant Type despite having Essentials Plan with Home Realm Discovery

EBA · August 1, 2025, 3:10pm

Hello,

I’m trying to implement the Resource Owner Password Flow with realm support for my application, but I’m encountering issues with the password-realm grant type.

My setup:

Plan: B2B Essentials (includes Home Realm Discovery feature)
Application: Tests Eric (Client ID: 1234)
Multiple database connections per application (tests-eric, client1, client2, etc.)

The problem: I need to use different database connections for different applications without setting a global Default Directory at the tenant level. According to your documentation, I should be able to use:

grant_type=http://auth0.com/oauth/grant-type/password-realm
realm=tests-eric

However, when I attempt this request, I get:

{"error":"unauthorized_client","error_description":"Grant type 'http://auth0.com/oauth/grant-type/password-realm' not allowed for the client."}

Questions:

How do I enable the password-realm grant type for my application?
I don’t see this option in Applications → Advanced Settings → Grant Types
Is there additional configuration needed to activate Home Realm Discovery?

What works:

Regular Password Grant works when I set a Default Directory globally
But I cannot use a global Default Directory due to multiple isolated applications

Could you please help me configure the Password Realm grant type for my application?

Thank you for your assistance.

Best regards, Eric

remus.ivan · August 1, 2025, 5:35pm

Hi @EBA,

Welcome to the Auth0 Community and thank you for your post!

The reason for this error should be enabling the password grant directly via the Management API, which will not enable the https://auth0.com/oauth/grant-type/password-realm as well. This Knowledge article - Error “Grant type ‘https://auth0.com/oauth/grant-type/password-realm’ not allowed for the client” specifies 2 possible solutions for this error:

Turn the ‘Password’ grant type off > Save > and then on again > Save in the dashboard.
update the client via the Management API using a command such as this:

curl -L -X PATCH 'https://YOUR-DOMAIN.auth0.com/api/v2/clients/YOUR-CLIENT-ID' \

-H 'Content-Type: application/json' \

-H 'Accept: application/json' \

-H 'Authorization: Bearer 🔒' \

-d '{"grant_types":["password","http://auth0.com/oauth/grant-type/password-realm"]}'

I hope this helps!
Thanks,
Remus

Topic		Replies	Views
Error "Grant type 'https://auth0.com/oauth/grant-type/password-realm' not allowed for the client" Knowledge Articles	1	2614	August 3, 2023
GrantType Resource Owner Password not allowed Get Help grant-types	4	5575	March 2, 2018
Password-realm grant type - 'Passwordless authentication is not allowed on this endpoint.' Get Help	2	4292	September 4, 2019
About setup authentication with grant-type/password-realm Get Help	3	10279	April 16, 2021
Grant_types "password" not committing after "Patch" Get Help api	2	2741	June 6, 2020

Unable to use Password Realm Grant Type despite having Essentials Plan with Home Realm Discovery

Related topics