Does ADFS 2012 R2 support Auth2 Resource Owner Password Credentials flow

2k views Asked by At

I want to confirm ADFS support oAuth 2.0 completely support all the flow of oAuth 2.0
i.e.,

  1. 3-legged oAuth

  2. 2-legged oAuht

  3. Implicit flow

I am asking this because I try to use Resource Owner Password Flow(2-legged Oauth). Here is my code

                using (HttpClient client = new HttpClient())
                {
                    string creds = String.Format("{0}:{1}", "hello@ADFS FQDN", "christ");
                    byte[] bytes = Encoding.ASCII.GetBytes(creds);
                    var header = new AuthenticationHeaderValue("Basic",
                                               Convert.ToBase64String(bytes));


                    client.DefaultRequestHeaders.Authorization = header;

                    var postData = new List<KeyValuePair<string, string>>();

                    postData.Add(new KeyValuePair<string, string>
                                       ("grant_type", "password"));


                    HttpContent content = new FormUrlEncodedContent(postData);

                    token = client.PostAsync("http://adfs FQDN/adfs/oauth2/token/", content)
                                     .Result.Content.ReadAsStringAsync().Result;
                }

It gives me error grant_Type=password is not supported.
When I looked on my ADFS 2012 R2 machine event viewer log it also gives error that

"The authorization server does not support the requested 'grant_type': 'password'. The authorization server currently only supports 'grant_type=authorization_code'."

Please help me how to achieve this flow?

1

There are 1 answers

0
Alexei Surovi On

AD FS 3.0 (2012 R2) DOES NOT support grant_type=password for OAuth 2.0 but it supports grant_type=authorization_code and grant_type=refresh_token only. AD FS provides WS-Trust endpoints and you could use them instead of OAuth 2.0 endpoint for issuing and exchanging tokens. WS-Trust provides the endpoints for different types of authentication.