Azure AD- Resource owner credential flow error Invalid username or password

Question

I am using Azure AD Resource owner credentials OAuth flow. It was working as expected, but for approx. a month it has stopped working. Surprisingly, it's still working well for some users who are created as "Guest User" under the same directory. This is the exact error I am getting in response:

{"error":"invalid_grant","error_description":"AADSTS70002: Error validating credentials. AADSTS50126: Invalid username or password\r\nTrace ID: bd62a235-6a28-4c7d-bae9-37a36c0e4300\r\nCorrelation ID: 3bb7d88c-1ced-4cf2-9f37-5cc200849cea\r\nTimestamp: 2018-09-03 09:53:35Z","error_codes":[70002,50126],"timestamp":"2018-09-03 09:53:35Z","trace_id":"bd62a235-6a28-4c7d-bae9-37a36c0e4300","correlation_id":"3bb7d88c-1ced-4cf2-9f37-5cc200849cea"}

Answer 1

As per the above error message, Error validating credentials AADSTS50126: Invalid username or password. It is coming because the credentials are incorrect or the client does not have consent for the requested scope. This error may come because scopes are not granted.

Below screenshot may help you to pass correct values in postman:

Please make sure you consent the scopes like below:

If you still get the same error, please try to use another user credentials.

For more information on ROPC flow, you can check the below document:

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc#protocol-diagram

I hope this solves your issue.

Answer 2

It is possible that you didn't grant permissions to your app for certain users. Make sure all of the users are added to the app and ensure that you have the correct web.config or app settings parameters.

Also, have you tried manually resetting the passwords for these users in the portal?

Please check the troubleshooting steps on this similar thread to see if this can resolve the issue.