Only enable_authorization_code is set to true (supports only Authorization Code Grant)
Use passthrough users with a 3rd party IdP (e.g. SAML IdP)
Use passthrough scopes, i.e. scope lookup via 3rd party service
Try to refresh an access token via the refresh_token grant
What happens
The refresh_token grant call to the /token endpoint fails with the following error message:
{
"error": "unauthorized_client",
"error_description": "The API content-api is not configured for the OAuth2 resource owner password grant."
}
Workaround: Enable the Resource Owner Password Grant on the API; it will not work to use that flow anyway, as the users come from a 3rd party IdP anyway.
DonMartin76
commented
5 years ago
Preconditions
enable_authorization_codeis set totrue(supports only Authorization Code Grant)refresh_tokengrantWhat happens
refresh_tokengrant call to the/tokenendpoint fails with the following error message:Workaround: Enable the Resource Owner Password Grant on the API; it will not work to use that flow anyway, as the users come from a 3rd party IdP anyway.