invalid_grant", "error_description": "AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace

Kumar, Rajeev (CWF) 31 Reputation points

Hi @AmanpreetSingh-MSFT ,@MarileeTurscak
I am calling Https://<myTenantId>/oauth2/token url for refresh token . but i am getting below error

"error": "invalid_grant",
"error_description": "AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: dbf5175a-6d99-49db-8dfb-c7be1f9a1700\r\nCorrelation ID: d279d8ec-577f-4a5c-b1b0-2a68d4e0e68b\r\nTimestamp: 2021-05-18 11:19:07Z",
"error_codes": [
"timestamp": "2021-05-18 11:19:07Z",
"trace_id": "dbf5175a-6d99-49db-8dfb-c7be1f9a1700",
"correlation_id": "d279d8ec-577f-4a5c-b1b0-2a68d4e0e68b",
"error_uri": ""
I have reseted the password also but did not work. i am trying to resolve this issue since last 2 month

Please help me on this

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,104 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,642 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,216 Reputation points

    Hi @Kumar, Rajeev (CWF) · Thank you for reaching out.

    By tracking the Correlation and Request ID, I found that the account you are using is a federated account, which requires redirection to ADFS for authentication. The ROPC (password) flow doesn't support this redirection and tries to authenticate the user directly in Azure AD. Hence, the error AADSTS50126: Error validating credentials due to invalid username or password. is thrown.

    To resolve the issue, you can choose to go with one of the below options:

    1. Create a cloud only user account, reset the temporary password and use that account.
    2. If creating cloud-only user is not an option for you, follow the instructions I have provided in This Blog Post. If you choose to go with this option and don't want to sync password hash for all accounts, use Selective password hash synchronization


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

1 additional answer

Sort by: Most helpful
  1. Kumar, Rajeev (CWF) 31 Reputation points

    Thank you so much @AmanpreetSingh-MSFT

    I am using a cloud only user account. Now I'm able to obtain an authorization token with this new cloud only service account

    Thanks your quick help.

    0 comments No comments