Getting 400 Bad Request with Azure AD B2C OAuth 2.0 token service for

Question

I am following the tutorial to [Set up a resource owner password credentials flow in Azure Active Directory B2C][1]

Here is my POST request in Postman -

https://

Answer 1

I finally got the ROPC flow to work after following the same doc as referenced above, having battled with that unhelpful 400 Bad Request for far too long.

In the Registered App I created, I had to enable "Accounts in any identity provider or organization". I could not edit an existing app into this state by editing the manifest, despite what the screenshot below suggests, I had to create the app that way.

oauth2AllowImplicitFlow has to be true as well of course.

BTW: after making changes to my registered app, I had to wait 5 - 10 mins for those changes to fully propagate.

Answer 2

@Sandeep G-MSFT any news on this? I'm having the same issue. Tried with

• passing in client_secret too
• adding/removing params

No way to understand what I'm missing

Answer 3

I face the same issue. I tried building a ROPC user flow and I tried creating custom policies. When I omit the client_id I get the error that I should pass a client_id in de request. When I enter an invalid client_id I get the message the client_id is invalid.

When I submit a valid client_id, no matter what my other parameters are, I simply get a '400 Bad Request' without any details.

Completely stuck on this now

Answer 4

I reported this as an issue with the docs here, please feel free to make comments there as well as it seems to get noticed there. The more comments there, the better.

https://github.com/MicrosoftDocs/azure-docs/issues/108605