Azure B2C - custom policy ROPC - Set grant_type, scope and client_id to be not mandatory

Stephen Li 40 Reputation points
2024-05-07T11:49:01.1766667+00:00

I could made a ROPC call to get access token with username, password, grant_type, scope and client_id as parameters.

Is it possible to configure the XML, so that I don't need to pass grant_type, scope, and client_id when make an ROPC call to obtain an access token and just use username and password?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,629 questions
0 comments No comments
{count} votes

Accepted answer
  1. Shweta Mathur 29,681 Reputation points Microsoft Employee
    2024-05-08T07:53:23.7266667+00:00

    Hi @Stephen Li ,

    Thanks for reaching out.

    To obtain the access token in the ROPC flow, it's essential to include grant_type, scope, and client_id as mandatory parameters.

    User's image

    In the custom policy XML, ensure all necessary parameters are included to acquire the access token. During the ROPC flow, along with the username and password, these parameters are sent to the authorization server for access token retrieval.

    Therefore, it's imperative not to regard these parameters as optional when making the request.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    0 comments No comments

0 additional answers

Sort by: Most helpful