AzureAD / microsoft-authentication-library-for-dotnet

Microsoft Authentication Library (MSAL) for .NET
https://aka.ms/msal-net
MIT License

Username / Password not getting a token for an @microsoft account, whereas ADAL is #639

Closed bgavrilMS closed 5 years ago

bgavrilMS commented 5 years ago


Which Version of MSAL are you using? Note that to get help, you need to run the latest preview or non-preview version. For ADAL, please log issues to https://github.com/AzureAD/azure-activedirectory-library-for-dotnet

2.2.0-preview

Which platform has the issue? .net and uwp

What authentication flow has the issue?

Other? - please describe;

Repro

  1. Have a user with a corp account (e.g. @microsoft.com) in an env where MFA is not required (e.g. corpnet)
  2. Try to get a token using U/P (just like the samples)

Actual:

Federated service at https://msft.sts.microsoft.com/adfs/services/trust/2005/usernamemixed returned error: ID3242: The security token could not be authenticated or authorized. ---> Microsoft.Identity.Client.MsalServiceException: Federated service at https://msft.sts.microsoft.com/adfs/services/trust/2005/usernamemixed returned error: ID3242: The security token could not be authenticated or authorize

Expected: A token. Important note: the same setup but hitting the v1 endpoint (i.e. ADAL) is getting a token.

jmprieur commented 5 years ago

Closing as this is a service side configuration of conditional access.