Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library
Add support for Resource Owner Password Credentials flow in Azure AD B2C and headless authentication in Microsoft Authentication Library, just like Azure AD and Active Directory Authentication Library has.
The Azure AD B2C page has been saying 'Get tokens using a username & password with the OAuth 2.0 Resource Owner Password Credentials Flow (coming soon)' since September 2015.
Just to provide an update, we are close to launching a private preview. We are in the final testing stages for this feature. We will have another update in the next few weeks with instructions on how to join the private preview.
While the ROPC flow seems to work on its own e.g. thru curl, postman, applying it to a web app seems impossible due to missing CORS header 'Access-Control-Allow-Origin' as described here: https://github.com/MicrosoftDocs/azure-docs/issues/21125
William Noel commented
I've waited literally years for items on this backlog to be completed.
Given the rate of progress on this item, it's reasonable to assume that we will see more delays rather than an on schedule delivery.
Gotta go with what works now, and that's Google.
I am ready to Join the private preview please let me know when its ready
What is the current status of this?
what is the current status on this, please provide an update.
Any update on this.
What is current status ? Can somebody update on this.
Any news on this moving to GA?
I've successfully tested this. Do you have any news then it will be in GA? Thank you!
Harpal Singh commented
is this available now?
Ryan Cole commented
"in the next few weeks" ... 10 months later
Jérôme Campo commented
Any more infor regarding Preview or GA of such feature ?
What is the timeline for this, I need it for an app currently under development. I would be sad to have to move to another provider as this feature is essential for our app.
Coding Panda commented
What is the timeline for this feature to transition from Preview to Release (General Availability)
Chris Brawley commented
I am implementing ROPC for our mobile app and successfully have authenticate and refresh working. Is API support planned for create account, password reset and edit profile via this API?
I need these capabilities to round out our mobile only experience for our end customers.
Naveen Nagaraju commented
We make use of AD username and password for authenticating the Users using Silent Sign in mechanism through AAD, where External apps makes a call to Web API[Authentication] with the valid credentials which will be inputted by user on 3rd party app UI[Login page], 3rd party app will make a call to Custom Web API[Authentication] will in turn makes a call to GraphAPI services to get the used authenticated where if successfully authenticated user will be issued with a Token.
It works Good for Internal Users , but when user is registered as guest user it fails though we are making an attempt for user to create new password on AAD.
This feature is working good using Microsoft sign-in page , but when we make a call to Graph API using silent sign in it fails .
This is the bare minimum feature which has to be provided for AAD services[Graph API etc] for supporting authentication mechanism , Can we get this Fixes in near releases , which will empower Application’s user AAD as a single platform for any authentication mechanism .
I`m experiencing a limitation problem here when asking scope for both the app id and its own scopes:
"error_description": "AADB2C90146: The scope 'openid 681ab7b4-2145-4dc9-b457-dcd5ae220b73 offline_access https://myB2C.onmicrosoft.com/api/sb.read'; provided in request specifies more than one resource for an access token, which is not supported.\r\nCorrelation ID: 8d958e72-8db2-41c2-8fbf-78d671dd894e\r\nTimestamp: 2018-06-07 20:33:20Z\r\n"
Wojciech Turowicz commented
I did manage to get tokens to be used in my APIs but the 'kid' validation fails. Is this a known feature? Don't really want to have to disable signature validation :/
Mike DePouw commented
Announcement and Instructions link here:
Markus Strobl commented
how to get access to the public preview? to which endpoint can I send my credentials?