Trying to login through API and not able to get access token

Question

Hi

Calling this api to get token using grant_type=password https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token

  client_id: xxxx,

        scope: "https://graph.microsoft.com/.default",

        client_secret: xxxxx,

        grant_type: "password",

        username: "xxxxx",

        password: "xxxxx",

and getting response as

"error": "invalid_grant",

"error_description": "AADSTS50056: Invalid or missing password: password does not exist in the directory for this user.

How to get the token or what is the wrong with the client id used here

Azure logs says that "Failure reason

Invalid or missing password: password does not exist in the directory for this user."

Answer 1

Hi @Ranjith Kumar Jain

There are two possible reasons for this error:

1. The password that you have provided in the body of your token acquisition call is a temporary password. Temp password is marked as expired and postman doesn't provide an option for you to reset that. If it is a temp password, please try to sign-in to portal.azure.com or portal.office.com and set a permanent password for the user account you are using.
2. The user account you are using is a federated account and is not synced to the Azure AD. In that case, please follow the instruction provided in blog post here: https://medium.com/@amanmcse/ropc-username-password-flow-fails-with-aadsts50126-invalid-username-or-password-for-federated-90c666b4808d

Hope this helps.

If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.