Azure Resource Owner Password Credentials Flow
This article demonstrates how to set up the ROPC (Resource Owner Password Credentials) flow in Azure Active Directory and the important points to consider before using it.
Azure Active Directory supports the OAuth 2.0 ROPC (Resource Owner Password Credentials) grant, in which the application sends the user's username and password directly to the token endpoint and receives an access token and a refresh token in return. Because the application itself handles the raw credentials (it must collect them, transmit them, and is then in a position to misuse or leak them), Microsoft recommends against ROPC except for legacy scenarios where no interactive flow is possible; prefer the authorization code flow (with PKCE) for user sign-in and the client credentials flow for service-to-service access. If you do use ROPC, there are a few important points to consider:
1. It works only with local (cloud) accounts. Users whose password is validated elsewhere, such as accounts federated to an on-premises identity provider or the social identity providers used in Azure AD B2C (Facebook, GitHub, Microsoft accounts, etc.), cannot sign in with ROPC because Azure AD has no way to check their password itself.
2. Invited (guest) accounts cannot use this flow.
3. It fails whenever MFA (Multi-Factor Authentication) is required for the user, whether through per-user MFA or a Conditional Access policy, because the flow has no interactive step in which a second factor could be collected. The token endpoint returns an error instead of a token in that case.
Below are the steps to set up ROPC.
As with any other OAuth 2.0 provider, the first step is to register an application, so we start by creating an app registration.
1. Log in to https://portal.azure.com
2. In the search box type Azure Active Directory
3. Find and navigate to App Registrations on the left panel.
4. Click on + New Registration
5. Enter the application name in the form and choose the supported account types. In my case I selected Accounts in this organizational directory only, because I only need single-tenant access. If your app should be usable from multiple tenants, choose one of the other options in the form.
6. Once the app is created you are redirected to the app's Overview page. From there, find and open API permissions in the left panel.
7. Grant admin consent for the default directory. This matters for ROPC in particular: there is no browser redirect in which a user could be shown a consent prompt, so any permission that has not been consented to in advance causes the token request to fail.
8. Now click Authentication in the left panel, set Treat application as a public client (labelled Allow public client flows in newer versions of the portal) to Yes, and save. ROPC is used here as a public-client flow, so no client secret is sent; without this setting the token endpoint rejects a request that carries no secret.
Congratulations, you have configured the app registration and enabled ROPC.
Create Test User
To test the flow I'll create a user, since my own email address does not belong to the tenant in which I created the app registration.
1. To create a user, type Azure Active Directory in the search box and click Users in the left panel. (Make sure you are in the same tenant where you created the app registration.)
2. Click New user and then select Create user. Once the user is created, open a new tab, sign in to https://portal.azure.com as that user, and change the password if you chose the Auto-generate password option (the generated password is temporary and must be replaced before it can be used for a token request).
Now it's time to call the token endpoint.
The request is an HTTP POST to https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token with a form-encoded body containing grant_type=password, client_id, scope, username and password. Include offline_access in the scope if you want a refresh token back; a successful response is a JSON object with access_token, token_type and expires_in (plus refresh_token when offline_access was granted), and a failed one is a JSON object with error, error_description and error_codes.
Get the tenantId (Directory (tenant) ID) and clientId (Application (client) ID) from the App Registration overview page.
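The token request described above, as an added example (not code from the original article). It builds the ROPC request for the v2.0 endpoint, parses both the success and the error response, and treats the MFA-required error code as a hard stop, since point 3 above means there is nothing to retry. The tenant, client and account values are placeholders, the Graph scope is an assumption, and the two JSON responses at the bottom are constructed samples that follow the shape of real token-endpoint responses.

```python
"""ROPC token request against the Microsoft identity platform v2.0 token endpoint.

Added example, not part of the original article. Placeholder identifiers and
constructed sample responses are used so the module runs offline.
"""
import json
import urllib.error
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"
# offline_access is what makes the v2.0 endpoint return a refresh_token;
# the Graph scope is an assumption for the sake of the example.
DEFAULT_SCOPE = "openid offline_access https://graph.microsoft.com/.default"


class RopcError(Exception):
    """The token endpoint returned an OAuth 2.0 error object."""

    def __init__(self, error, description, codes):
        super().__init__(f"{error}: {description}")
        self.error = error
        self.description = description
        self.codes = list(codes)

    @property
    def mfa_required(self):
        # AADSTS50076: the user must complete multi-factor authentication.
        # ROPC has no interactive step, so this is a hard stop, not a retry.
        return 50076 in self.codes


def build_ropc_request(tenant_id, client_id, username, password, scope=DEFAULT_SCOPE):
    """Return (url, form-encoded body) for the ROPC grant.

    No client_secret is sent: the app registration was marked as a public client.
    """
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "scope": scope,
        "username": username,
        "password": password,
    }
    return url, urllib.parse.urlencode(form).encode("utf-8")


def parse_token_response(body):
    """Extract the fields the app needs from the JSON body, or raise RopcError."""
    data = json.loads(body)
    if "error" in data:
        raise RopcError(data["error"], data.get("error_description", ""),
                        data.get("error_codes", []))
    return {
        "token_type": data["token_type"],
        "expires_in": int(data["expires_in"]),
        "access_token": data["access_token"],
        # Present only when offline_access was requested and granted.
        "refresh_token": data.get("refresh_token"),
    }


def request_token(tenant_id, client_id, username, password,
                  scope=DEFAULT_SCOPE, opener=urllib.request.urlopen):
    """POST the ROPC request. `opener` is injectable so the flow can be exercised offline."""
    url, body = build_ropc_request(tenant_id, client_id, username, password, scope)
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with opener(req) as resp:
            return parse_token_response(resp.read())
    except urllib.error.HTTPError as exc:
        # Azure AD answers a rejected grant with HTTP 400/401 and a JSON error body.
        return parse_token_response(exc.read())


# Constructed sample responses: same shape as the real endpoint, dummy values.
SAMPLE_SUCCESS = json.dumps({
    "token_type": "Bearer",
    "scope": "https://graph.microsoft.com/User.Read",
    "expires_in": 3599,
    "ext_expires_in": 3599,
    "access_token": "eyJ0eXAi.sample.access",
    "refresh_token": "0.sample.refresh",
}).encode()

SAMPLE_MFA_ERROR = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS50076: multi-factor authentication is required (constructed sample)",
    "error_codes": [50076],
}).encode()


if __name__ == "__main__":
    # Replace the placeholders and drop `opener` to hit the real endpoint.
    tokens = parse_token_response(SAMPLE_SUCCESS)
    print("expires in", tokens["expires_in"], "s; got refresh token:", tokens["refresh_token"] is not None)
    try:
        parse_token_response(SAMPLE_MFA_ERROR)
    except RopcError as exc:
        print("rejected; MFA required:", exc.mfa_required)
```

Two design points worth noting: the request body deliberately contains no client_secret, matching the public-client setting from step 8, and the password never leaves the function that builds the form, so it is not logged or stored. The injectable `opener` lets the success and failure paths be exercised against the constructed samples before the code is pointed at a real tenant.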
Azure ROPC resources
- Spring security using OAuth2 with Microsoft AzureAD
- Spring security using OAuth2 with Microsoft AzureAD B2C
- Configure the resource owner password credentials flow in Azure AD B2C
- Microsoft identity platform and the OAuth 2.0 client credentials flow
Published at DZone with permission of Jitendra Bisht. See the original article here.