The authorization grant type is not supported by the authorization server

Questions
#1

For an internal trusted product, we want to use the Resource Owner Password flow as described here https://developer.okta.com/docs/guides/implement-password/use-flow.

POST https://dev-....oktapreview.com/oauth2/default/v1/token
Accept: application/json
Authorization: Basic  MG9hdz... // base64(clientid:clientsecret)
Content-Type: application/x-www-form-urlencoded

grant_type=password
&username=...
&password=...
&scope=openid

Unfortunately I get the following error message, the grant_type is not supported.

{
  "error": "unsupported_grant_type",
  "error_description": "The authorization grant type is not supported by the authorization server. Configured grant types: [authorization_code, password]."
}

Is there a problem in the API or am I using the call incorrectly? Allowed grant types Use resource owner password and client authentication as client credintials is set in the application.

#2

Did you enable the Resource Owner Password grant type in your Okta app settings? If you don’t see that option, then the app type you’re using using might not support it.

Screen Shot 2020-12-30 at 9.00.26 AM
Screen Shot 2020-12-30 at 9.00.26 AM727×475 23.3 KB

You might also want to check your access policy/rule for your authorization server and confirm the grant type is enabled there as well.

Screen Shot 2020-12-30 at 9.04.39 AM
Screen Shot 2020-12-30 at 9.04.39 AM700×371 15.2 KB

#3

Thanks for the answer. I have already made the settings in the application and the auth server I am using for this flow.

rrrrrrrrrr
rrrrrrrrrr1570×388 35.2 KB

#4

how are you making the call? With Curl or Postman. If using Curl or some other tool it sounds like maybe the data portion is not getting passed correctly. If using Curl can you verify your request looks like,

curl --location --request POST 'https://SOMEDOMAIN.okta.com/oauth2/default/v1/token' \
--header 'Accept: application/json' \
--header 'Authorization: Basic MG9hOHdndGMzdjJQejg1QVAxZ....==' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=password&username=igor.dean%40oktaice.com&password=Password&scope=openid'

For the --data section do not use line breaks \

Another option with line breaks would be

curl --location --request POST 'https://SOMEDOMAIN.okta.com/oauth2/default/v1/token' \
--header 'Accept: application/json' \
--header 'Authorization: Basic MG9hOHdndGMzdjJQejg1QVAxZDY6W...==' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=igor.dean@oktaice.com' \
--data-urlencode 'password=Password1' \
--data-urlencode 'scope=openid'