Unable to validate credentials with grant_type password

Bava, Alberto 0 Reputation points
2024-01-08T14:51:23.9933333+00:00

Hello,

I'm trying to get an id_token in python using this code:

AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"    
auth_url = f"{AUTHORITY}/oauth2/v2.0/token"
data = {
    "username": RR_EMAIL,
    "password": GAD_PASSWORD,
    "grant_type": "password",
    "client_id": CLIENT_ID,
    "scope": ["User.ReadBasic.All"],
}
response = requests.post(auth_url, data=data).json()

However, I get the following error:

AADSTS50126: Error validating credentials due to invalid username or password. Trace ID: 7b067bd0-6006-4510-8e68-b4ed0e267201 Correlation ID: 5a513c9d-948f-494c-aca5-8eb4de19f12d Timestamp: 2024-01-08 14:29:31Z

I'm sure my credentials are correct, can you please help me to resolve the issue?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. James Hamil 27,186 Reputation points Microsoft Employee Moderator
    2024-01-08T21:49:06.83+00:00

    Hi @Bava, Alberto, based on the error message, it seems that the credentials you are using to authenticate are incorrect. Please make sure that the RR_EMAIL and GAD_PASSWORD variables contain the correct values for your account.

    Also, please note that using the Resource Owner Password Credentials (ROPC) grant flow is not recommended as it requires the client to collect the user's credentials, which is not secure. Instead, you should consider using the Authorization Code grant flow or the Device Code grant flow.

    Here is an example of how to use the Authorization Code grant flow to obtain an ID token in Python:

    import msal

    CLIENT_ID = "your_client_id"
    CLIENT_SECRET = "your_client_secret"
    AUTHORITY = "https://login.microsoftonline.com/your_tenant_id"
    REDIRECT_URI = "http://localhost:8000"
    # MSAL adds the reserved scopes (openid, profile, offline_access) itself
    # and raises ValueError if they are passed explicitly.
    SCOPES = ["email"]

    # a client secret requires a confidential client, not a public one
    app = msal.ConfidentialClientApplication(
        CLIENT_ID, client_credential=CLIENT_SECRET, authority=AUTHORITY
    )

    # get authorization code
    auth_url = app.get_authorization_request_url(
        scopes=SCOPES,
        redirect_uri=REDIRECT_URI
    )
    print("Please go to this URL to authenticate:", auth_url)
    auth_code = input("Enter the authorization code: ")

    # exchange authorization code for access token and ID token
    token_response = app.acquire_token_by_authorization_code(
        auth_code,
        scopes=SCOPES,
        redirect_uri=REDIRECT_URI
    )

    # on failure the response carries "error" and "error_description" instead of tokens
    if "id_token" not in token_response:
        raise SystemExit(token_response.get("error_description", token_response))
    id_token = token_response["id_token"]
    print("ID token:", id_token)

    Please replace the CLIENT_ID, CLIENT_SECRET, and AUTHORITY variables with the appropriate values for your application and tenant. Also, make sure to register your application in Azure AD and configure the appropriate redirect URI. Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
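
The answer above names the Device Code grant flow as an alternative to ROPC but shows only the authorization code flow. The following is an added example (not part of the original answer and not Microsoft's code) that runs the device code flow with MSAL for Python, so the script never handles the user's password. The helper name `acquire_id_token`, the `prompt` parameter and passing the client ID and tenant ID on the command line are assumptions of this example.

```python
"""Added example: device code flow with MSAL for Python."""
import sys

# Scope taken from the question; MSAL adds openid, profile and offline_access itself.
SCOPES = ["User.ReadBasic.All"]


def acquire_id_token(app, scopes, prompt=print):
    """Run the device code flow on an msal.PublicClientApplication-like object.

    Returns (id_token, id_token_claims). Raises RuntimeError carrying the
    error description when the flow cannot start or sign-in fails.
    """
    flow = app.initiate_device_flow(scopes=scopes)
    if "user_code" not in flow:
        # The flow could not be started; the dict holds the error details instead.
        raise RuntimeError(flow.get("error_description", "device flow failed to start"))
    prompt(flow["message"])  # tells the user which URL to open and which code to enter
    result = app.acquire_token_by_device_flow(flow)  # blocks until sign-in or expiry
    if "error" in result:
        raise RuntimeError(f'{result["error"]}: {result.get("error_description", "")}')
    if "id_token" not in result:
        raise RuntimeError("token response carried no id_token")
    return result["id_token"], result.get("id_token_claims", {})


def main():
    import msal  # imported here so the helper above can be exercised without MSAL

    # Assumption of this example: client ID and tenant ID arrive as arguments.
    client_id, tenant_id = sys.argv[1], sys.argv[2]
    app = msal.PublicClientApplication(
        client_id, authority=f"https://login.microsoftonline.com/{tenant_id}"
    )
    id_token, claims = acquire_id_token(app, SCOPES)
    print("Signed in as:", claims.get("preferred_username"))
    print("ID token:", id_token)


if __name__ == "__main__":
    main()
```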

