Resource Owner Password Flow Native App Failure

Hi,

I am trying to set up a native app with a custom login screen. When I use the Okta AppAuth SDK to login(username, password) it fails with “invalid_grant: The credentials provided were invalid.” I know I am entering my correct login.

Digging into the logs on the server they show:
User login to Okta
failure : PASSWORD_BASED_LOGIN_DISALLOWED

I have not been able to find a setting for this anywhere on the Okta admin site.
I have allowed the resource owner grant type.

And I am using Client Authentication.

This is what the Swift code looks like:

The plist has: clientSecret, clientId, issuer, redirectUri, and scopes

Any idea what else I can do to enable password based login?

Thank you!
Eric

Hi Eric,

I am assuming primary authentication also fails - how was the user you are testing for created in this Okta tenant?

Thanks for the fast reply. To create my user I browsed to our oktapreview URL, and logged in through ADFS.

Example url to register: https://tenant.oktapreview.com/

Hi Eric,

That makes sense - the user was created with their credential provider as FEDERATION (to ADFS) and as the error code indicated, they are not able to do a password-based login. So for this user, the password grant would not be an option.

Are all users going to be created this way? If so, it might be best to take a step back and consider implementing the Authorization Code flow.
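An added example, not part of the original thread or Okta's own code: it picks the grant from a user's credential provider type, as the reply above describes, and for a FEDERATION user builds an Authorization Code request with PKCE (RFC 7636), which carries no user password or client secret. Assumptions: the user record follows the Okta user object shape (`credentials.provider.type`), the issuer is a custom authorization server whose authorize endpoint is `{issuer}/v1/authorize`, and the client id and redirect URI are placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode


def grant_for(user):
    """Pick a grant from the user's credential provider type."""
    provider = user["credentials"]["provider"]["type"]
    # FEDERATION: the password lives at the external IdP (ADFS in this thread),
    # so the password grant ends in PASSWORD_BASED_LOGIN_DISALLOWED.
    return "authorization_code" if provider == "FEDERATION" else "password"


def s256_challenge(verifier):
    """RFC 7636 S256: base64url(SHA-256(verifier)) without '=' padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authorize_request(issuer, client_id, redirect_uri, scopes):
    """Return (url, verifier, state); verifier and state stay in the app."""
    verifier = secrets.token_urlsafe(32)  # 43-character random verifier
    state = secrets.token_urlsafe(16)     # compared on the redirect back
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": " ".join(scopes),
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    })
    # Assumption: custom authorization server, endpoint at {issuer}/v1/authorize
    return f"{issuer}/v1/authorize?{query}", verifier, state


if __name__ == "__main__":
    # Constructed sample record for a user created through ADFS
    user = {"credentials": {"provider": {"type": "FEDERATION"}}}
    if grant_for(user) == "authorization_code":
        url, verifier, state = authorize_request(
            "https://tenant.oktapreview.com/oauth2/default",  # assumed issuer path
            "CLIENT_ID_PLACEHOLDER",                           # placeholder
            "com.example.app:/callback",                       # placeholder
            ["openid", "profile"],
        )
        print(url)
```

The app opens the URL in the system browser, where the ADFS login happens, and later sends `verifier` as `code_verifier` when exchanging the returned code at the token endpoint.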

All of our users will be created this way. Is there a way to have a login form in the native app with ADFS users? Could we make the authorize requests ourselves? Or would we run into the same issue?

Thanks!