Azure B2C - custom policy ROPC - Set grant_type, scope and client_id to be not mandatory

Stephen Li 40 Reputation points
2024-05-07T11:49:01.1766667+00:00

I could make a ROPC call to get an access token with username, password, grant_type, scope and client_id as parameters.

Is it possible to configure the XML so that I don't need to pass grant_type, scope, and client_id when making an ROPC call to obtain an access token, and just use username and password?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2024-05-08T07:53:23.7266667+00:00

    Hi @Stephen Li ,

    Thanks for reaching out.

    To obtain the access token in the ROPC flow, it's essential to include grant_type, scope, and client_id as mandatory parameters.

    In the custom policy XML, ensure all necessary parameters are included to acquire the access token. During the ROPC flow, along with the username and password, these parameters are sent to the authorization server for access token retrieval.

    Therefore, it's imperative not to regard these parameters as optional when making the request.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if the answer helped you.
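
Since the three parameters stay mandatory on the wire, a client-side wrapper can fix them in configuration so callers supply only the username and password. The following is an added example, not part of the original answer or Microsoft's code; the tenant, policy name and client ID are placeholders, and the endpoint shape, `scope` value and `response_type` follow Microsoft's published B2C ROPC sample request.

```python
from urllib.parse import urlencode, parse_qs

# Placeholders (assumptions): substitute your tenant, ROPC policy and app registration.
TENANT = "contoso"
POLICY = "B2C_1A_ROPC_Auth"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"

# Parameters the answer above names as mandatory, plus the credentials.
REQUIRED = ("grant_type", "scope", "client_id", "username", "password")


def token_endpoint():
    """Token endpoint for the ROPC policy (no network call is made here)."""
    return (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/"
            f"{POLICY}/oauth2/v2.0/token")


def build_ropc_body(username, password):
    """Callers pass only credentials; the fixed parameters come from config."""
    if not username or not password:
        raise ValueError("username and password are required")
    params = {
        "grant_type": "password",                       # fixed for ROPC
        "scope": f"openid {CLIENT_ID} offline_access",  # fixed per application
        "client_id": CLIENT_ID,
        "response_type": "token id_token",              # as in the sample request
        "username": username,
        "password": password,
    }
    # urlencode percent-encodes values, so '&', '=' or spaces in a password
    # cannot split the field or inject an extra parameter.
    return urlencode(params)


def missing_parameters(body):
    """Return the mandatory parameters absent (or blank) in a form body."""
    sent = parse_qs(body)  # blank values are dropped by default
    return [name for name in REQUIRED if not sent.get(name)]


if __name__ == "__main__":
    body = build_ropc_body("user@example.com", "constructed-sample-password")
    print("POST", token_endpoint())
    print("missing:", missing_parameters(body))
```

POST the returned body to `token_endpoint()` with `Content-Type: application/x-www-form-urlencoded`; `missing_parameters` can be used as a pre-flight check on requests built elsewhere.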
