Everyone who tries to log on gets an Incorrect username or password error

This one doesn’t pop up very often, but it can occur: no matter who tries to log on to your site that login request is rejected with an Incorrect username or password error. In other words;


And this happens even when you know that the email addresses and the passwords are valid. Why are valid logins being rejected like this?

More often than not, the problems stems from an incorrect user_entity_type setting in your application client. Each application client must have the user_entity_type setting, and that setting must point to the entity type (user profile store) where your user profiles are kept:


For example, in the preceding screenshot, we see that user_entity_type is set to GREG_DEMO. That’s fine ... unless your user profiles are stored in, say, the user entity type. If they are, then any authorization request that uses this application client is going to fail. Which is to be expected: after all, the application client will be looking in GREG_DEMO for user accounts, and it’s not going to find any.

Fortunately, you can fix this problem simply by assigning the correct entity type to the application client. Before you do that, however, check the login policy associated with the application client; entity types are also referenced in the login policy:

   "id": "edbdb3e3-0b07-4122-8548-24165b3c9983",
   "identityStoreDetails": {
       "type": "janrainCapture",
       "connectionDetails": {
           "domain": "se-demos-gstemp.us-dev.janraincapture.com",
           "applicationId": "79y4mqf2rt3bxs378kw5479xdu",
         "entityType": "user",
            "clientId": "y4xfg6f44msac3vepjjvxggzvt3e3sk9",
           "clientSecret": "95ccxk7czbvuzx6dpte5k9p6dj5bzeku"

The application client’s user_entity_type setting must match the login policy’s entityType setting.