Hi @Tom Flanagan ,
I understand that you are receiving the AADSTS50126 error even though the correct password is entered.
If the account is using federated authentication, this error is also expected. This is because if you have Federated authentication enabled for user sign-in, you get redirected to the federated IDP for credential validation. When you are using the ROPC flow via postman, this redirection is not possible and it results in the "Invalid username or password" error.
Note that federated authentication does not just mean that you are using ADFS. You can use 3rd party IDPs such as Auth0, OneLogin, and others. You will know that you are using federated authentication if you see the below image while signing in via browser with the same account:
Alternatively, to make this scenario work with federated accounts:
- Sync users' passwords to Azure AD. If you don't want to sync passwords for the entire organization, you may consider using Selective Password Hash Sync.
- Create a policy to allow credential validation of federated users from within Azure AD.
- Link the policy to the application for which you want to use the ROPC flow with federated accounts.
Please refer to these threads -
https://learn.microsoft.com/en-us/answers/questions/385629/index.html
https://learn.microsoft.com/en-us/answers/questions/38035/index.html
Hope this helps.
If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.
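The second and third steps of the procedure in the answer above (create a policy that lets Azure AD validate federated users' cloud-synced passwords, then attach it to the application's service principal), as an added example that is not part of the original answer. It assumes the AzureAD PowerShell module and a HomeRealmDiscoveryPolicy with AllowCloudPasswordValidation, which is the documented policy for this purpose; the application ID is a placeholder.

```powershell
# Added example: enable cloud password validation for ROPC with federated accounts.
# Requires the AzureAD module and an account with rights to manage policies.
Connect-AzureAD

# Placeholder: replace with the client ID of the app that will use the ROPC flow.
$appId = '00000000-0000-0000-0000-000000000000'

# 1. Create the policy. AllowCloudPasswordValidation tells Azure AD to validate
#    the synced password hash itself instead of redirecting to the federated IdP,
#    which is the redirection the ROPC flow cannot follow.
$definition = '{"HomeRealmDiscoveryPolicy":{"AllowCloudPasswordValidation":true}}'
$policy = New-AzureADPolicy `
    -Definition @($definition) `
    -DisplayName 'EnableDirectAuthPolicy' `
    -IsOrganizationDefault $false `
    -Type 'HomeRealmDiscoveryPolicy'

# 2. Find the service principal for the application and link the policy to it.
#    Scoping the policy to one app (IsOrganizationDefault $false) keeps browser
#    sign-ins for every other app on the normal federated path.
$sp = Get-AzureADServicePrincipal -Filter "AppId eq '$appId'"
if (-not $sp) { throw "No service principal found for AppId $appId" }
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

# 3. Verify the link; the policy should now appear on the service principal.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Select-Object DisplayName, Type, IsOrganizationDefault
```

Users still need a password hash in Azure AD (step one of the answer); the policy only changes where validation happens, it does not create a hash that was never synced.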