Resource owner password flow for social account not working

Resource owner password flow for a social account (Gmail) is not working. It always returns the error given below, even when the credentials are correct.

{
  "error": "invalid_grant",
  "error_description": "The credentials provided were invalid."
}

The API I am hitting is https://dev-abc.okta.com/oauth2/{authserverid}/v1/token.
Request body: {grant_type:password,username:abc@gmail.com,password:abc,scope:openid}

Can anyone please suggest what's wrong here?

You cannot use the Resource Owner Password grant for users who do not have a password within Okta, because in this flow you must send your credentials to the Okta authorization server, instead of providing them at the external IdP where the user’s password exists.

In other flows, this step is handled via a redirect to that provider to authenticate, and then back to Okta to have an Okta session created. This does not occur for the password grant flow. If you are looking to log users in via Google, you will need to use one of these flows instead: Implicit flow or Authorization Code flow (with PKCE or with Client Secret client authentication, depending on the type of app you are working on).
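The client side of the Authorization Code flow with PKCE that the answer recommends, as an added example that is not part of the original thread and not Okta's own code. The client ID, redirect URI and function names are placeholders chosen for illustration; the `/v1/authorize` path is assumed to sit beside the `/v1/token` endpoint from the question, and the challenge derivation follows RFC 7636.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Issuer as written in the post; {authserverid} is the page's own placeholder.
ISSUER = "https://dev-abc.okta.com/oauth2/{authserverid}"
CLIENT_ID = "EXAMPLE_CLIENT_ID"                  # placeholder (assumption)
REDIRECT_URI = "http://localhost:8080/callback"  # placeholder (assumption)


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """Fresh high-entropy code_verifier (32 random bytes, 43 characters)."""
    return _b64url(secrets.token_bytes(32))


def challenge_for(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(code_verifier))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(verifier: str, state: str, nonce: str) -> str:
    """URL the browser is sent to; the user authenticates at the external IdP."""
    params = dict(client_id=CLIENT_ID, response_type="code", scope="openid",
                  redirect_uri=REDIRECT_URI, state=state, nonce=nonce,
                  code_challenge=challenge_for(verifier),
                  code_challenge_method="S256")
    return ISSUER + "/v1/authorize?" + urlencode(params)


def token_request_body(callback_url: str, expected_state: str, verifier: str) -> dict:
    """Validate the redirect back to the app, then build the /v1/token form body."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    if not secrets.compare_digest(query.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: reject this callback")
    # No username or password here: the app never handles the Google credentials.
    return {"grant_type": "authorization_code", "code": query["code"][0],
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": verifier}
```
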
