question

09508315 avatar image
0 Votes"
09508315 asked 09508315 commented

I want to use GraphAPI in ROPC including redirect authentication of ADFS.

I want to use GraphAPI in ROPC including redirect authentication of ADFS.
I have to use graphapi in the ROPC method, but perhaps because of ADFS authentication, the following error occurs when obtaining an access token.
-------------‐-------
Error validating credentials due to invalid username or password.


Probably because there is federated authentication, but the authentication screen uses the same UPN and PASSWORD.
How can I use access tokens?

The development environment is Node.js

I am very troubled, so I would be happy if you could tell me if there is a detailed person.

azure-active-directorymicrosoft-graph-sdk
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered 09508315 commented

Hi @09508315 • Thank you for reaching out.

In case of ROPC flow, the credentials are directly checked against Azure AD and redirection to ADFS doesn't happen. However, you can use Azure policy to configure specific application(s) to do the password validation on the cloud without removing the federation. For this purpose, you can follow the steps I have provided in my blog post: ROPC (Username/Password) flow fails with AADSTS50126: Invalid username or password for federated users

If you don't want to enable Password Hash Sync for all users in the tenant, you may consider Selective password hash synchronization configuration for Azure AD Connect.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@09508315 • Just checking if you had a chance to test it out.

0 Votes 0 ·
09508315 avatar image 09508315 amanpreetsingh-msft ·

Thank you for your reply, amanpreetsingh. I did not use ROPC authentication using this operation, but it was helpful that this authentication does not redirect to ADFS.

0 Votes 0 ·