I am trying to validate a user using Gmail and password.
curl --request POST --url “https://endpoint.eu.auth0.com/oauth/token” --data grant_type=password --data “username=username@gmail.com” --data “password=mypassword” --data “client_id=app id” --data “client_secret=application secret” --data “connection=google-oauth2”
i am getting {“error”:“invalid_grant”,“error_description”:“Wrong email or password.”}
Hello, @backtrack23 - welcome to the Auth0 Community!
This is happening because the Resource Owner Password Grant can only be executed against connections where the authorization server (in this case, Auth0) has the username and password. For Google connections, we actually federate into Google - we redirect to Google so that they can do the verification, and we never handle the username and password.
I very recently wrote an answer related to this, and I think it can provide an answer to your questions:
Let me know what you think!
dear @joseantonio.rey. Thank you for your immediate response. I am new to this. Actually i have REST API that needs to be protected. User can access it using either Gmail or Facebook account. Here the problem is, the REST API doesn’t have UI to redirect and authenticate user.
Can you please help me with the resource or way to authenticate the user using socail connection without UI?
Hello, @backtrack23,
Unfortunately, I do not think that we have any non-interactive ways of authenticating a user via a social connection. You could potentially leverage our Device Flow, but the user would still have to interact with this.