CSCvv50421 - Hybrid Integration with CUC SIB OAuth2.0 ROPC usage

Stephen.rich
Level 1

For what it's worth, this is a very, very, very longstanding limitation of the ROPC flow with the Microsoft Identity Platform. ROPC is an incredibly poor choice for this purpose. A much better approach would be the client credentials grant, which can still be used with the existing codebase for interacting with the Exchange Online API.

The ROPC flow defeats one of the primary purposes of OAuth2.0, which is authorizing an app to access your data without giving it the username and password. You're basically doing basic auth to get an OAuth2.0 token.

Solid references on why you shouldn't use ROPC:

https://auth0.com/docs/get-started/authentication-and-authorization-flow/resource-owner-password-flow

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc

https://www.scottbrady91.com/oauth/why-the-resource-owner-password-credentials-grant-type-is-not-authentication-nor-suitable-for-modern-applications

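The difference the post describes, shown as the two token requests an integration would actually send to the Microsoft identity platform v2.0 endpoint. This is an added illustration, not code from the post, from Cisco Unity Connection, or from Microsoft; the tenant, client ID, secret, mailbox and password are placeholders, the EWS scope strings assume the integration talks to Exchange Online over EWS (adjust if it uses Graph), and nothing is sent over the network. The audit helper at the end is the check a reviewer would run over a captured or configured request body to catch an integration still using the password grant.

```python
"""Token-request shapes for the Microsoft identity platform v2.0 endpoint.

Added example, not code from the forum post or from the product it discusses.
Tenant, client ID, secret, mailbox and password below are placeholders.
Nothing is sent over the network; the functions only build the request body
so the difference between the two grants is visible in the wire format.
"""
from urllib.parse import urlencode

TENANT = "contoso.onmicrosoft.com"  # placeholder tenant (assumption)
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"

# App-only EWS scope (client credentials) vs delegated EWS scope (ROPC).
# Assumes the integration uses EWS rather than Graph.
EWS_APP_SCOPE = "https://outlook.office365.com/.default"
EWS_DELEGATED_SCOPE = "https://outlook.office365.com/EWS.AccessAsUser.All"


def build_ropc_request(client_id, username, password):
    """ROPC (grant_type=password): the app submits the user's own credentials.

    This is the grant the post argues against. The token endpoint receives
    the raw password, which is basic auth with an OAuth token as the result,
    and accounts that require MFA or are federated cannot use this grant.
    """
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "scope": EWS_DELEGATED_SCOPE,
        "username": username,
        "password": password,
    }
    return TOKEN_URL, form


def build_client_credentials_request(client_id, client_secret):
    """Client credentials: the app authenticates as itself and gets an
    app-only token. No user password is ever handled by the integration;
    mailbox access comes from an admin-consented application permission.
    """
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": EWS_APP_SCOPE,
    }
    return TOKEN_URL, form


USER_CREDENTIAL_FIELDS = {"username", "password"}


def audit_token_request(form):
    """Return findings for a token request body (dict of form fields).

    Flags grant_type=password and any user credential fields, so a config
    review or an outbound-proxy log check can spot an integration that is
    still sending end-user passwords to the token endpoint.
    """
    findings = []
    if form.get("grant_type") == "password":
        findings.append("ROPC grant in use: user password sent to token endpoint")
    leaked = USER_CREDENTIAL_FIELDS & set(form)
    if leaked:
        findings.append("user credentials in request body: " + ", ".join(sorted(leaked)))
    return findings


def encode_body(form):
    """application/x-www-form-urlencoded body as it would appear on the wire."""
    return urlencode(form)


if __name__ == "__main__":
    # Placeholder values only; none of these are real credentials.
    app_id = "11111111-2222-3333-4444-555555555555"
    url, ropc = build_ropc_request(app_id, "unityconnection@contoso.com", "P@ssw0rd")
    _, cc = build_client_credentials_request(app_id, "app-secret-from-key-vault")
    print("POST", url)
    print("ROPC body:        ", encode_body(ropc))
    print("ROPC findings:    ", audit_token_request(ropc))
    print("Client creds body:", encode_body(cc))
    print("Client creds findings:", audit_token_request(cc))
```

Running the block prints both bodies side by side: the ROPC body carries `username=` and `password=` fields and is flagged twice by the audit, while the client credentials body carries only the app's own identity and secret and produces no findings.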