OAuth2 Resource Owner Password Grant via API

鱼传尺愫 2020-12-11 13:06

I am currently building an API which requires OAuth2, but cannot find a library to use that will handle the single sign on in a native mobile app via RESTful API only. Most

3 answers
  •  感动是毒
    2020-12-11 13:32

    I work with Rob, and we did finally get the call to work with https://login.microsoftonline.com/[tenant_ending_in_onmicrosoft.com]/oauth2/token

    In the body of the POST, we did the following:

    resource=https%3A%2F%2FGraph.windows.net&client_id=[B2C Settings - Applications - AppId]&grant_type=password&username=rob%40[tenant].onmicrosoft.com&password=[password]&client_secret=[B2C Settings - Applications - App Key - client_secret]

    Our error with the namespace was due to the usernames we were trying. This is a B2C tenant using email as the username and that was the reason for the namespace error. The only way we got past that error was to create a B2C user with the email address ending in the tenant, like so:

    rob@[tenant].onmicrosoft.com.

    We are getting an access token now, but that token does not authenticate with our Azure App Service API app, which was the original goal. What we are trying to accomplish is to send the username and password that is valid for a B2C sign-in and get an IdToken or Access Token that is valid for the API app. The API app connects to B2C via App Service Authentication settings configured for AAD with the Client ID and secret set up from the B2C Settings Application.

    UPDATE: If I add ?p=[B2C SignUpIn Policy] to the POST, then we get the following error:

    AADB2C90224: Resource owner flow has not been enabled for the application.
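An added diagnostic example, not part of the original answer: when a token is issued but an API refuses it, a first check is to decode its claims and compare aud, iss and exp with what the API expects. The sample token, the placeholder GUIDs, the issuer format and the assumption that the API accepts only its own application ID as audience are all constructed for illustration.

```python
import base64
import json
import time

def _b64url_decode(segment):
    # JWT segments are base64url with the padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def decode_claims(token):
    """Return the payload claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))

def rejection_reasons(claims, allowed_audiences, expected_issuer, now=None):
    """List the reasons an API checking aud, iss and exp would refuse the token."""
    now = time.time() if now is None else now
    reasons = []
    aud = claims.get("aud")
    audiences = set(aud) if isinstance(aud, list) else {aud}
    if not audiences & set(allowed_audiences):
        reasons.append(f"aud {aud!r} not in allowed audiences")
    if claims.get("iss") != expected_issuer:
        reasons.append(f"iss {claims.get('iss')!r} != {expected_issuer!r}")
    if claims.get("exp", 0) <= now:
        reasons.append("token expired")
    return reasons

# Constructed sample: placeholder GUIDs, dummy signature, not a real token.
TENANT_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
API_APP_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE_TOKEN = ".".join([
    _b64url_encode({"typ": "JWT", "alg": "RS256"}),
    _b64url_encode({"aud": "https://graph.windows.net", "iss": TENANT_ISSUER,
                    "exp": 4102444800}),
    "constructed-signature",
])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    for reason in rejection_reasons(claims, {API_APP_ID}, TENANT_ISSUER):
        print("rejected:", reason)
```

The decoder skips signature verification on purpose, so it is only for inspecting a token you already hold, never for accepting one.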
