Resource owner password flow in Azure AD B2C

Rory Braybrook
Oct 1, 2018 · 2 min read

One of the hardest things I find is to keep up with what’s happening in Azure, specifically around Identity.

The ROPC flow wasn’t supported for ages and then , by chance, I came across .

It’s a good article with easy to follow steps and I got it working in Postman.

The flow returns an ID token, an access token and a refresh token.

The id_token is:

Nat Sakimura, the chairman of the OpenID Foundation, has a of when you should use this flow.

Scott Brady discussed why you don’t need it for browser-less devices now that the is available. (And further thoughts on why is for Modern Applications).

I see a use for it in unit / integration testing where you want to test an API with the context of a user but you don’t want to physically have to authenticate e.g. in a CI/CD scenario.

But at least now you have the choice!

All good!

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.

Rory Braybrook

Written by

NZ Microsoft Identity dude. Azure AD/ADFS. Plus Auth0. North Shore .NET User Group Admin. Ignite - http://bit.ly/2D05Uh7 YouTube - http://bit.ly/2lzBqXQ

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.