Resource Owner Password Flow Native App Failure

erics · April 23, 2018, 4:51pm

Hi,

I am trying to set up a native app with custom login screen. When I use the Okta AppAuth sdk to login(username, password) it fails with “invalid_grant: The credentials provided were invalid.” I know I am entering my correct login.

Digging into the logs on the server they show:
User login to Okta
failure : PASSWORD_BASED_LOGIN_DISALLOWED

I have not been able to find a setting for this anywhere on the Okta admin site.
I have allowed the resource owner grant type.

and I am using Client Authentication

This is what the swift code looks like:

The plist has: clientSecret, clientId, issuer, redirectUri, and scopes

Any idea what else I can do to enable password based login?

Thank you!
Eric

schandra · April 23, 2018, 6:00pm

Hi Eric,

I am assuming primary authentication also fails - how was the user you are testing for created in this Okta tenant?

erics · April 23, 2018, 6:41pm

Thanks for the fast reply. To create my user I browsed to our oktapreview url, and logged in through adfs.

Example url to register: https://tenant.oktapreview.com/

schandra · April 23, 2018, 7:10pm

Hi Eric,

That makes sense - the user was created with their credential provider as FEDERATION (to ADFS) and as the error code indicated, they are not able to do a password-based login. So for this user, the password grant would not be an option.

Are all users going to be created this way? If so, it might be best to to take a step back and consider implementing the Authorization Code flow

erics · April 23, 2018, 8:12pm

All of our users will be created this way. Is there a way to have a login form in the native app with ADFS users? Could we make the authorize requests ourselves? Or would we run into the same issue?

Thanks!

system · January 12, 2024, 9:53pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.