# ory-network
a
Hi guys, how are you? We are evaluating Ory Cloud with the intention of migrating our user authentication from another provider, but I got stuck with the admin API. Can anyone please help point out what I am missing?

Goal
Generate an ID token (OIDC) based on username and password combination

What I Tried
First I created a minimum viable OAuth 2.0 client through the admin API:
```
POST /admin/clients
{
  "grant_types": [
    "password"
  ],
  "redirect_uris": [
    "https://dev.gorila.com.br"
  ],
  "response_types": [
    "id_token"
  ]
}
```
To which I received a new `client_id`.

Then, I created a dummy user:
```
POST /admin/identities
{
  "schema_id": "preset://email",
  "credentials": {
    "password": {
      "config": {
        "password": "test"
      }
    }
  },
  "traits": {
    "email": "test@gorila.com.br"
  }
}
```
Now, I am trying to generate an id token for it:
```
POST /oauth2/token
client_id:{{client_id}}
grant_type:password
scope:openid
redirect_uri:https://dev.gorila.com.br
username:test@gorila.com.br
password:test
```
I also tried variations adding:
```
response_type:id_token
nonce:xxxxxxx
```
But this request gives me an inconclusive error message:
```
{
  "error": "invalid_request",
  "error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified."
}
```
What am I doing wrong?
h
Hi, thank you for the question! You’re trying to run the resource owner password grant, which is legacy and will be removed in OAuth 2.1. It’s a very insecure compromise the authors of OAuth made to satisfy requirements by Microsoft. We thus do not support it, but we for sure can help you upgrade your system onto Ory’s security model 🙂
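
Added example, not part of the thread and not Ory's own code: the reply does not name a replacement flow, so this goes one step further and sketches the requests for the authorization code grant with PKCE, which OAuth 2.1 keeps in place of the password grant. The issuer URL is a placeholder, and the `/oauth2/auth` endpoint path and all function names are assumptions.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://auth.example.invalid"     # placeholder, not a real project URL
REDIRECT_URI = "https://dev.gorila.com.br"  # redirect URI registered in the thread


def pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for the S256 method of RFC 7636."""
    verifier = verifier or secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authorization_url(client_id, challenge, state, nonce):
    """Front-channel request: the user signs in at the provider, never in the app."""
    params = {
        "response_type": "code", "client_id": client_id, "scope": "openid",
        "redirect_uri": REDIRECT_URI, "state": state, "nonce": nonce,
        "code_challenge": challenge, "code_challenge_method": "S256",
    }
    return f"{ISSUER}/oauth2/auth?{urlencode(params)}"  # endpoint path is assumed


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting error and forged callbacks."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF, discard the callback")
    if "error" in query or "code" not in query:
        raise ValueError("authorization failed: " + query.get("error", ["no code"])[0])
    return query["code"][0]


def token_request_body(client_id, code, verifier):
    """Form body for POST /oauth2/token; it carries no username or password."""
    return {
        "grant_type": "authorization_code", "client_id": client_id, "code": code,
        "redirect_uri": REDIRECT_URI, "code_verifier": verifier,
    }
```

For this flow the client registration would list `authorization_code` in `grant_types` and `code` in `response_types`, instead of the `password` and `id_token` values used in the question.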