# Database/AD/LDAP (Active)

> Deprecated active authentication endpoint for database, AD, and LDAP connections; use the Resource Owner Password grant instead.

export const ResponseSchema = ({statusCode, type = "{}", children}) => {
  const [open, setOpen] = useState(false);
  return <div className="border border-gray-100 dark:border-gray-800 rounded-lg mb-3 overflow-hidden">
      <div className={`flex items-center gap-2.5 px-4 py-2.5 cursor-pointer select-none ${open ? "bg-gray-50 dark:bg-gray-800" : ""}`} onClick={() => setOpen(!open)}>
        {statusCode && <span className="border border-gray-300 dark:border-gray-600 text-gray-700 dark:text-gray-300 font-mono text-xs px-1.5 py-0.5 rounded">
            {statusCode.startsWith("default") ? "default" : statusCode}
          </span>}
        <span className="text-gray-500 dark:text-gray-400 text-sm font-mono">
          {type}
        </span>
        <span className="text-gray-400 dark:text-gray-500 text-sm italic">
          application/json
        </span>
        <svg className={`ml-auto opacity-50 transition-transform duration-200 ${open ? "rotate-180" : ""}`} width="16" height="16" viewBox="0 0 16 16" fill="none">
          <path d="M4 6l4 4 4-4" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" strokeLinejoin="round" />
        </svg>
      </div>
      {open && <div className="px-4 pt-1 pb-3 border-t border-gray-100 dark:border-gray-800">
          {children}
        </div>}
    </div>;
};

## Endpoint

`POST /oauth/ro`

<Note>
  This endpoint is part of the legacy authentication pipeline and has been replaced by the [Password Grant](#resource-owner-password). For more information on the latest authentication pipeline, refer to [Introducing OIDC Conformant Authentication](/api-auth/intro).
</Note>

Use this endpoint for API-based (active) authentication. Given the user credentials and the specified `connection`, it authenticates the user against the provider and returns a JSON object containing the Access Token and ID Token.

### Remarks

* This endpoint only works for database connections, passwordless connections, Active Directory/LDAP, Windows Azure AD and ADFS.

* The main difference between passive and active authentication is that the former happens in the browser through the [Auth0 Login Page](http://manage.auth0.com/login) and the latter can be invoked from anywhere (a script, server to server, and so forth).

* The sample auth0.js script uses version 8 of the library. If you are using auth0.js version 7, please see this [reference guide](https://auth0.com/docs/libraries/auth0js/v7).

### Learn More

* [Database Identity Providers](https://auth0.com/docs/authenticate/database-connections)
* [Rate Limits on User/Password Authentication](https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy)
* [Active Directory/LDAP Connector](https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/active-directory-ldap/ad-ldap-connector)

## Body Parameters

<ParamField body="client_id" type="string" required>
  The `client_id` of your application.
</ParamField>

<ParamField body="username" type="string" required>
  Username/email of the user to log in.
</ParamField>

<ParamField body="password" type="string" required>
  Password of the user to log in.
</ParamField>

<ParamField body="connection" type="string" required>
  The name of the connection to use for login.
</ParamField>

<ParamField body="scope" type="string">
  Set to `openid` to also retrieve an ID Token.
</ParamField>

<ParamField body="grant_type" type="string" required>
  Set to `password` or `urn:ietf:params:oauth:grant-type:jwt-bearer`.
</ParamField>

<ParamField body="device" type="string">
  Required when `grant_type` is `urn:ietf:params:oauth:grant-type:jwt-bearer`.
</ParamField>

<ParamField body="id_token" type="string">
  Required when `grant_type` is `urn:ietf:params:oauth:grant-type:jwt-bearer`.
</ParamField>

## Response Schema

<ResponseSchema statusCode="200">
  <ResponseField name="id_token" type="string">
    The ID token.
  </ResponseField>

  <ResponseField name="access_token" type="string">
    The access token.
  </ResponseField>

  <ResponseField name="token_type" type="string">
    The type of token. Usually `Bearer`.
  </ResponseField>
</ResponseSchema>

<ResponseSchema statusCode="400">
  <ResponseField name="error" type="string">
    Error code.
  </ResponseField>

  <ResponseField name="error_description" type="string">
    Error description.
  </ResponseField>
</ResponseSchema>

## Response Messages

| Status | Description                        |
| ------ | ---------------------------------- |
| 200    | Successful authentication response |
| 400    | Bad Request                        |
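
The following is an added example, not code from Auth0 or from the original page. It checks a request against the required flags in the Body Parameters table, including the conditional `device` and `id_token` rule, and maps a reply onto the documented 200 and 400 schemas. The function names, the JSON request content type, and the `https://YOUR_DOMAIN` tenant base are assumptions.

```javascript
// Added example, not Auth0 code. Field names come from the tables on this page.
const JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer";
const ALWAYS_REQUIRED = ["client_id", "username", "password", "connection", "grant_type"];
const OPTIONAL = ["scope", "device", "id_token"];

// Validate parameters against the Body Parameters table and return the request body.
function buildRoBody(params) {
  const missing = ALWAYS_REQUIRED.filter((k) => !params[k]);
  if (missing.length) throw new Error("missing required: " + missing.join(", "));
  if (params.grant_type !== "password" && params.grant_type !== JWT_BEARER) {
    throw new Error("unsupported grant_type");
  }
  if (params.grant_type === JWT_BEARER) {
    const need = ["device", "id_token"].filter((k) => !params[k]);
    if (need.length) throw new Error("jwt-bearer also requires: " + need.join(", "));
  }
  // Copy only documented fields so stray properties never reach the wire.
  const body = {};
  for (const k of [...ALWAYS_REQUIRED, ...OPTIONAL]) {
    if (params[k] !== undefined) body[k] = params[k];
  }
  return body;
}

// Map a status code and parsed JSON onto the documented 200 / 400 schemas.
function parseRoResponse(status, json) {
  if (status === 200) {
    // id_token is null when the reply does not carry one.
    const idToken = json.id_token ?? null;
    return { ok: true, accessToken: json.access_token, idToken, tokenType: json.token_type };
  }
  if (status === 400) {
    return { ok: false, error: json.error, description: json.error_description };
  }
  return { ok: false, error: "unexpected_status", description: String(status) };
}

// tenantBase is a placeholder such as "https://YOUR_DOMAIN" (assumption).
// Sending the body as JSON is also an assumption; the page only lists the fields.
async function login(tenantBase, params) {
  const res = await fetch(new URL("/oauth/ro", tenantBase), {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(buildRoBody(params)),
  });
  const json = await res.json().catch(() => ({})); // tolerate a non-JSON error body
  return parseRoResponse(res.status, json);
}
```

Validation failures throw before any network call, so a request missing a required field never leaves the client with the password in it.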
