Questions tagged [ropc]
18 questions
1
vote
1 answer
Resource Owner Password Credentials flow not working in Azure AD B2C
Was trying to utilize ROPC (Resource Owner Password Credentials) flow to log in through Azure AD B2C.
Followed this documentation:…
Amrit Anand
- 11
- 3
1
vote
2 answers
Need admin approval unverified This app may be risky. If you trust this app, please ask your admin to grant you access
I have made a web app that uses Microsoft Graph APIs. When we authenticate a user using their personal account it works perfectly, but when someone uses their organizational account an error is displayed, which is
"AADSTS65001: The user or…
amir tariq
- 35
- 1
- 7
1
vote
1 answer
Using Azure AD B2C Resource Owner Password Credentials (ROPC) how do you protect the API
I am new to azure and my intention initially was to have a standalone API which would be protected by client credentials and then any app out in the world if they had the client credentials would get access to the API endpoints. It turns out that…
PicBuilder
- 33
- 4
1
vote
0 answers
Silent (non-interactive) user authentication with OAuth
The scenario is that
the service API requires user information (user ID or sign-in email)
to process the API call, and it is better to extract the info from the access token.
From the client side (could be a webpage), we
expect to use a fixed account…
Distance
- 21
- 1
0
votes
1 answer
Azure B2C + ROPC: User password reset and refresh tokens
I'm working on a Web API (ASP.Net, C#, Entity Framework) and I can't get user password reset and refresh tokens working. I have tried so many things and my boss is getting a bit nervous since I don't have any progress to show.
The important bit is…
ManuBera
- 5
- 4
0
votes
2 answers
Is it possible to use ROPC to update profile if sign-in was done using Authorization Code with MFA?
We're in the process of migrating our authentication process from ROPC to Authorization Code with MFA. We currently use ROPC for Sign Up, Sign In, Reset Password, Forgot Password, and Profile Edit. Due to the MFA requirement, we need to move the…
Kiran Ramaswamy
- 605
- 1
- 8
- 19
0
votes
1 answer
Is it possible to implement Azure AD B2C Auth using ROPC and MFA?
Microsoft docs pretty much explicitly say "no" (bold added by me):
ROPC doesn’t work when there's any interruption to the authentication flow that needs user interaction. For example, when a password has expired or needs to be changed, multifactor…
Kiran Ramaswamy
- 605
- 1
- 8
- 19
0
votes
1 answer
Azure B2C ROPC flow (Web Api): Let Users reset their password
I've just found out how to update the password of a signed-in user via Graph api in my Web Api. Now I need to send a user that is not signed-in an email with a new password so they can sign in and change their password.
How can I send an email to an…
ManuBera
- 5
- 4
0
votes
1 answer
Recreating Malicious login in Azure AD
We had a user's creds exposed and a threat actor used them to successfully log in to Azure CLI with the user's creds.
We've since resolved the access issue using conditional access and our MFA (which admittedly was a hole).
I'm trying to recreate…
sysadmintor
- 1
- 1
0
votes
0 answers
Error response when using Resource owner password credentials flow (ROPC) in Azure Active Directory
I am trying to set up a resource owner password credentials flow (ROPC) in Azure Active Directory.
My objective is to generate an OAuth 2.0 Access token using my Company org AAD username/password.
I have registered an AAD App with Application…
user6734184
- 111
- 2
- 2
- 4
0
votes
1 answer
CORS issue while hitting Azure AD's ROPC endpoint from React Application
My end goal is to authenticate an AD user with his/her username and password credentials only. After research, I got to know about ROPC flow, so I created an App Registration, used its tenantID, clientID and such parameters and hit the API with…
Johnson Jayaraj
- 24
- 4
0
votes
2 answers
ASP.NET Core Web API & Azure: unauthenticated error, access token in header
I thought my goal was simple enough. I have a client that makes calls to a Web API (registered in an Azure B2C tenant) to receive an access token. So far so good. When I use this access token to call a Web API method that is secured with the…
ManuBera
- 5
- 4
0
votes
1 answer
How can we create a User Flow in Azure-ad-b2c for ROPC authentication and then how can we use it in postman or in laravel controller
Actually I have some issues related to running code to get a token from the Microsoft Graph API.
Kindly guide me on how I can create a user flow with ROPC authentication and then how we can run it in Postman or in a Laravel controller to get a token. I…
amir tariq
- 35
- 1
- 7
0
votes
2 answers
How can we authenticate a user using Microsoft Azure ROPC (Resource owner password credentials)
I want to authenticate a user using Microsoft Graph Azure (ROPC) but I got some errors.
I think that there is some issue in the Azure app settings. All the errors I face are given below
or when I use other email address…
amir tariq
- 35
- 1
- 7
0
votes
0 answers
AADSTS50126: Error validating credentials due to invalid username or password
Using the same situation as our friend reported in his question:
invalid_grant: AADSTS50126: Error validating credentials due to invalid username or password
As I understand it, the solutions presented focus on changes and moves within the AAD…
Gustavo Lopes
- 1
- 1