Sign in using resource owner password credentials (ROPC) returns "Not Found"

Luiz Lelis 31 Reputation points
2022-05-03T18:13:23.537+00:00

I created a User Flow on my Azure Active Directory B2C with the "Sign in using resource owner password credentials (ROPC)" type. I followed all the doc steps, but I'm receiving a 404 status code as the response with the following message:

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

I've already read about some similar problems, but none of their solutions solved my problem:

Note: I'm not using any Custom Domain, I'm still using the default one "my-tenant.onmicrosoft.com"

This is how I'm trying to validate the ROPC User Flow:

curl --request POST \
  --url 'https://my-tenant.b2clogin.com/my-tenant.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_ropc_auth' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Host: login.microsoftonline.com' \
  --data client_id=<my-client-id-goes-here> \
  --data 'scope=openid <my-client-id-goes-here>' \
  --data grant_type=password \
  --data username=username@gmail.com \
  --data password=StrongPassword@123 \
  --data response_type=token

What am I doing wrong?


Accepted answer
  1. AmanpreetSingh-MSFT 56,491 Reputation points
    2022-05-09T18:38:23.787+00:00

    @Luiz Lelis • Can you try without the --header 'Host' parameter?

    Also, username@gmail.com must be a local account. ROPC won't work with actual Gmail Username and Password as it doesn't provide the capability to redirect to Google's auth endpoint.

    1 person found this answer helpful.
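
The first suggestion in the accepted answer, as an added example that is not part of the original thread: a Python check that parses a curl command and reports an explicit Host header naming a different server than the request URL. The function names, the `SAMPLE` command (constructed from the question's request) and the `<client-id>` placeholder are assumptions made for this example.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample: the question's request, trimmed, with a placeholder client ID.
SAMPLE = r"""
curl --request POST \
  --url 'https://my-tenant.b2clogin.com/my-tenant.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_ropc_auth' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'Host: login.microsoftonline.com' \
  --data 'client_id=<client-id>' \
  --data grant_type=password
"""


def parse_curl(command):
    """Extract the URL, headers and form fields from a curl command line."""
    # Join backslash-continued lines, tolerating trailing spaces after the "\".
    lines = [ln.rstrip().rstrip("\\") for ln in command.strip().splitlines()]
    tokens = iter(shlex.split(" ".join(lines))[1:])
    req = {"url": None, "headers": {}, "form": {}}
    for tok in tokens:
        if tok == "--url":
            req["url"] = next(tokens)
        elif tok in ("--header", "-H"):
            name, _, value = next(tokens).partition(":")
            req["headers"][name.strip().lower()] = value.strip()
        elif tok in ("--data", "-d"):
            key, _, value = next(tokens).partition("=")
            req["form"][key] = value
    return req


def host_override(command):
    """Return (header_host, url_host) when an explicit Host header names a
    different server than the request URL, else None."""
    req = parse_curl(command)
    url_host = urlsplit(req["url"] or "").hostname
    # curl sends an explicit Host header in place of the URL's host name.
    header_host = req["headers"].get("host", "").lower().split(":")[0]
    if header_host and header_host != url_host:
        return header_host, url_host
    return None


if __name__ == "__main__":
    print(host_override(SAMPLE))
```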
