Unable to authenticate to /oauth/token with automatically created passwords
Summary
With !133027 (merged), introduced in v16.5.0, users with automatically set passwords (OmniAuth-provisioned accounts) are no longer able to authenticate to /oauth/token as documented in the Resource owner password credentials flow unless they manually set a password.
In previous versions it was possible to provide LDAP credentials to /oauth/token to obtain a token; as a result, many existing user scripts are now broken.
Steps to reproduce
On a self-managed (SM) instance with LDAP configured:
echo 'grant_type=password&username=dul&password=<your_password>' > auth.txt
curl --data "@auth.txt" --request POST "https://mygitlab-server/oauth/token"
What is the current bug behavior?
Generates the error:
{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
What is the expected correct behavior?
A response containing the access token.
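The following is an added example (not GitLab's code and not from the issue author) that reproduces the same resource owner password credentials request as the curl command above and classifies the /oauth/token response, so a script can tell the invalid_grant failure described here apart from a successful token response. It assumes a placeholder base URL and credentials; the sample response bodies are constructed (the error body is the one quoted in this issue, and the assumption that Doorkeeper returns it with HTTP 400 is noted in a comment). Unlike the hand-written auth.txt, the request body is form-encoded with urllib, so passwords containing `&`, `=` or `%` are not mangled.

```python
"""Reproduce the ROPC token request from this issue and classify the result.

Added example, not GitLab's code. Base URL, username and password are
placeholders to be replaced with real values before running it live.
"""
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_PATH = "/oauth/token"


def build_ropc_body(username: str, password: str) -> bytes:
    """Form-encode the password grant.

    urlencode() percent-encodes '&', '=' and '%', which the hand-written
    auth.txt in the report does not, so a password containing those
    characters would otherwise be split or corrupted before reaching GitLab.
    """
    return urllib.parse.urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
    }).encode()


def classify_token_response(status: int, body: str) -> str:
    """Map an /oauth/token response to one of:
    'token'         - HTTP 200 with an access_token (expected behaviour)
    'invalid_grant' - the error this issue reports
    'other_error'   - any other OAuth error (e.g. invalid_client)
    'malformed'     - body is not JSON (proxy page, HTML login form, ...)
    """
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return "malformed"
    if not isinstance(data, dict):
        return "malformed"
    if status == 200 and "access_token" in data:
        return "token"
    if data.get("error") == "invalid_grant":
        return "invalid_grant"
    return "other_error"


def request_token(base_url: str, username: str, password: str, timeout: int = 10):
    """POST the grant to /oauth/token and return (status, body).

    Network call; not exercised offline. Error responses raise HTTPError in
    urllib, so the status and body are recovered from the exception.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH,
        data=build_ropc_body(username, password),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


# Constructed sample bodies. The error body is the one quoted in the issue;
# Doorkeeper is assumed to return it with HTTP 400 (invalid_grant).
SAMPLE_ERROR_BODY = (
    '{"error":"invalid_grant","error_description":"The provided authorization '
    'grant is invalid, expired, revoked, does not match the redirection URI '
    'used in the authorization request, or was issued to another client."}'
)
SAMPLE_OK_BODY = '{"access_token":"<redacted>","token_type":"Bearer","expires_in":7200}'


if __name__ == "__main__":
    # Offline walk-through of the classifier on the constructed samples.
    print(classify_token_response(400, SAMPLE_ERROR_BODY))  # invalid_grant
    print(classify_token_response(200, SAMPLE_OK_BODY))     # token
    # Live call (placeholders): replace before use.
    # status, body = request_token("https://mygitlab-server", "dul", "<your_password>")
    # print(status, classify_token_response(status, body))
```

A script that previously relied on LDAP credentials at /oauth/token can use the "invalid_grant" classification to fail with a clear message pointing at the password requirement introduced in v16.5.0 instead of retrying blindly.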
Possible fixes
Edited by Paul Murray