Preconditions
Only enable_authorization_code is set to true (supports only Authorization Code Grant)
Use passthrough users with a 3rd party IdP (e.g. SAML IdP)
Use passthrough scopes, i.e. scope lookup via 3rd party service
Try to refresh an access token via the refresh_token grant
What happens
The refresh_token grant call to the /token endpoint fails with the following error message:
{
  "error": "unauthorized_client",
  "error_description": "The API content-api is not configured for the OAuth2 resource owner password grant."
}
Workaround: Enable the Resource Owner Password Grant on the API; it will not work to use that flow anyway, as the users come from a 3rd party IdP anyway.