It should not be necessary to use the /oauth/ro endpoint.
There are two alternatives.
we highly recommend not using the Resource Owner Password Grant flow for Native applications. It goes against the IETF standard for a variety of reasons. I highly recommend you read through the concerns before implementing this flow (including following the links below and reading the concerns laid out in the standard).
If you truly must use ROPG in your native app instead of PKCE as is recommended, then you can use our OIDC compliant ROPG endpoint. Instead of /oauth/ro.
If there is some reason you can’t use that endpoint, then you can create a support ticket to get /oauth/ro enabled on your tenant, but you will have to justify why the above two options won’t work for you in the support ticket.
Unfortunate we are talking about a legacy application. Whilst adding login via a browser (probably by bundling in a webkit browser) is planned, this is will not happen for a while and is out of my control. In the mean-time we need to add 0Auth2/OpenIDC so ROPG seems like the way to go right now.
I’ve tried using the endpoint you indicated, but I am getting the following 500 Internal Server Error response:
"error_description": "Authorization server not configured with default connection."
Use the password-realm grant type. Just pass the different grant_type and then you can add an additional “realm” property to the call which should be set to the database connection name you want to use
Go to your tenant settings (drop-down in the upper right side of the manage dashboard). I believe it is on the general page, you can set the default connection for ROPG there.
Client Application settings:
The Client application who’s client ID you are using must be of type native and password must be checked within the Applications -> Settings -> Advanced Settings -> Grant Types pannel
Tenant Settings: (Under tenant user account -> settings)
Set General -> API Authorization Settings ->Default Directory to Username-Password-Authentication