question

1 Vote
luizhlelis asked amanpreetsingh-msft commented

Sign in using resource owner password credentials (ROPC) returns "Not Found"

I created a User Flow on my Azure Active Directory B2C with the "Sign in using resource owner password credentials (ROPC)" type. I followed all the doc steps, but I'm receiving a 404 status code as the response with the following message:

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

I've already read about some similar problems, but none of their solutions solved my problem:

Note: I'm not using any Custom Domain, I'm still using the default one, "my-tenant.onmicrosoft.com".

This is how I'm trying to validate the ROPC User Flow:

 curl --request POST \
   --url 'https://my-tenant.b2clogin.com/my-tenant.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_ropc_auth' \
   --header 'Content-Type: application/x-www-form-urlencoded' \
   --header 'Host: login.microsoftonline.com' \
   --data client_id=<my-client-id-goes-here> \
   --data 'scope=openid <my-client-id-goes-here>' \
   --data grant_type=password \
   --data username=username@gmail.com \
   --data password=StrongPassword@123 \
   --data response_type=token

What am I doing wrong?



azure-ad-b2c

I also tried the following:

 curl --request POST \
   --url https://my-tenant.b2clogin.com/my-tenant.onmicrosoft.com/b2c_1_ropc_auth/oauth2/v2.0/token \
   --header 'Content-Type: application/x-www-form-urlencoded' \
   --header 'Host: login.microsoftonline.com' \
   --data client_id=<my-client-id-goes-here> \
   --data 'scope=openid <my-client-id-goes-here>' \
   --data grant_type=password \
   --data username=username@gmail.com \
   --data password=StrongPassword@123 \
   --data 'response_type=token'

That's different from the endpoint specified in the ".well-known" specification, but that's what the official documentation recommends and also how msal-for-python does it. I'm still receiving a 404 Not Found status code, but now without any message.


1 Vote 1 ·

1 Answer

1 Vote
amanpreetsingh-msft answered amanpreetsingh-msft commented

@luizhlelis • Can you try without the --header 'Host' parameter?

Also, username@gmail.com must be a local account. ROPC won't work with an actual Gmail username and password, as it doesn't provide the capability to redirect to Google's auth endpoint.


@amanpreetsingh-msft • It worked without the --header 'Host' parameter, that was the problem. About the username: I was testing it with a local account.
Thank you very much!

0 Votes 0 ·

@luizhlelis • Thanks for the update. Glad that it helped.

Converting my comment to answer. Kindly "Accept the answer" to help us and others in the community.

1 Vote 1 ·
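
A pre-flight check for the problem resolved in this thread, as an added example that is not part of the original posts: it assembles the path-style ROPC token request from the second curl command and flags an explicit Host header that names a different host than the URL (here `login.microsoftonline.com` against `my-tenant.b2clogin.com`). The function names, the client ID and the credentials are hypothetical placeholders constructed for the example.

```python
from urllib.parse import urlencode, urlsplit

def build_ropc_request(tenant, policy, client_id, username, password, extra_headers=None):
    """Assemble (url, headers, body) for the path-style B2C ROPC token endpoint."""
    url = (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
           f"{policy}/oauth2/v2.0/token")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    headers.update(extra_headers or {})
    body = urlencode({
        "client_id": client_id,
        "scope": f"openid {client_id}",
        "grant_type": "password",
        "username": username,
        "password": password,
        "response_type": "token",
    })
    return url, headers, body

def host_header_mismatch(url, headers):
    """Return (url_host, header_host) when an explicit Host header names a
    different host than the URL; return None when it is absent or matches."""
    url_host = urlsplit(url).hostname
    for name, value in headers.items():
        if name.lower() == "host":  # header names are case-insensitive
            header_host = urlsplit("//" + value.strip()).hostname  # drops any :port
            if header_host != url_host:
                return url_host, header_host
    return None

# Constructed sample values (placeholders, not real credentials).
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
ARGS = ("my-tenant", "b2c_1_ropc_auth", CLIENT_ID,
        "user@example.com", "placeholder-password")

if __name__ == "__main__":
    # First case mirrors the failing curl command, second the working one.
    for extra in ({"Host": "login.microsoftonline.com"}, None):
        url, headers, body = build_ropc_request(*ARGS, extra_headers=extra)
        print(extra, "->", host_header_mismatch(url, headers) or "ok to send")
```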