AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

Username password flow fails with WAM #617

Closed jiasli closed 8 months ago

jiasli commented 8 months ago

Describe the bug

Username password flow (also called Resource Owner Password Credentials flow) fails with WAM.

To Reproduce

Steps to reproduce the behavior:

  1. Create a PublicClientApplication instance with enable_broker_on_windows=True
  2. Login with acquire_token_by_username_password

Expected behavior

The login should be successful.

What you see instead

> az login --username xxx@xxx.onmicrosoft.com --password xxx
(pii). Status: Response_Status.Status_InteractionRequired, Error code: 3399614467, Tag: 508609292
Please explicitly log in with:
az login

The MSAL Python version you are using

1.24.1 from https://github.com/AzureAD/microsoft-authentication-library-for-python/pull/613

Additional context

Using the same user account, acquire_token_by_username_password succeeds if enable_broker_on_windows is set to False.

rayluo commented 8 months ago

I tried downgrading PyMsalRuntime and MSAL Python to older proven versions, but still ran into the error. I'm stuck. Can you share some insight, @ashok672?

[MSAL:0002] ERROR ErrorInternalImpl:134 Created an error: 7rhai, StatusInternal::InteractionRequired, InternalEvent::None, Error Code 3399614467, Context 'SubError: device_authentication_failed V2Error: invalid_grant AADSTS50155: Device authentication failed. Trace ID: e1f2eacb-c30d-405c-80d3-841620975600 Correlation ID: 3eaf835b-a1fc-4568-9996-ccf56bfbd15d Timestamp: 2023-11-01 01:19:03Z'
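A triage helper for the two error shapes quoted in this thread, as an added example that is not part of the original discussion or of MSAL's code: it extracts the AADSTS code, sub-error and correlation ID from the broker log line and shows that the CLI message alone does not carry the sub-error. The function names and triage labels are assumptions, and the patterns cover only the fields visible in these two lines.

```python
import re

# Both samples are copied from this thread: the verbose broker log line and
# the shorter message the CLI printed for the same error code.
BROKER_LOG = (
    "[MSAL:0002] ERROR ErrorInternalImpl:134 Created an error: 7rhai, "
    "StatusInternal::InteractionRequired, InternalEvent::None, "
    "Error Code 3399614467, Context 'SubError: device_authentication_failed "
    "V2Error: invalid_grant AADSTS50155: Device authentication failed. "
    "Trace ID: e1f2eacb-c30d-405c-80d3-841620975600 "
    "Correlation ID: 3eaf835b-a1fc-4568-9996-ccf56bfbd15d "
    "Timestamp: 2023-11-01 01:19:03Z'"
)
CLI_LINE = ("(pii). Status: Response_Status.Status_InteractionRequired, "
            "Error code: 3399614467, Tag: 508609292")

_GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
_FIELDS = {
    "status": r"Status(?:Internal::|_)(\w+)",
    "error_code": r"Error [Cc]ode:? (\d+)",
    "sub_error": r"SubError: (\S+)",
    "v2_error": r"V2Error: (\S+)",
    "aadsts": r"\b(AADSTS\d+):",
    "message": r"AADSTS\d+: (.*?)\s+Trace ID:",
    "trace_id": rf"Trace ID: ({_GUID})",
    "correlation_id": rf"Correlation ID: ({_GUID})",
    "timestamp": r"Timestamp: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\dZ)",
}

def parse_broker_error(line):
    """Extract the known fields from one error line; absent fields are None."""
    found = {}
    for name, pattern in _FIELDS.items():
        match = re.search(pattern, line)
        found[name] = match.group(1) if match else None
    return found

def triage(fields):
    """Hypothetical labels: 'device', 'interaction' or 'other'."""
    if fields["sub_error"] == "device_authentication_failed":
        return "device"        # device state, not the password, was rejected
    if fields["status"] == "InteractionRequired":
        return "interaction"   # no sub-error visible; the verbose log is needed
    return "other"

if __name__ == "__main__":
    for line in (BROKER_LOG, CLI_LINE):
        fields = parse_broker_error(line)
        print(triage(fields), fields["aadsts"], fields["correlation_id"])
```
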

MSamWils commented 8 months ago

The device authentication failed.

Reason:

Resolution:

Follow steps listed here to re-register the device based on the device join type.

rayluo commented 8 months ago

As part of #569, username password name flow bypasses broker, for now.