[Feature Request] Username/Password (ROPC) over confidential client

[bgavrilMS]

This is a consistency item. Tracking epic: https://identitydivision.visualstudio.com/Engineering/_backlogs/backlog/Auth%20Client%20-%20Client%20SDK%20-%20DotNet/Features/?showParents=false&workitem=2092736

Work to be done:

• throw exception for federated users, we don't want to support this scenario.
• add new API cca.AcquireTokenByUsernamePassword(string[], string, string) (no support for SecureString). I recommend adding new API and not moving existing API to base class.
• Static caching of tokens?
• Integration tests

For now, we should restrict this to cloud users only.

[bgavrilMS]

@rayluo - how did you implement this on MSAL py for federated users, where the public client flow uses SAML?

[rayluo]

@rayluo - how did you implement this on MSAL py for federated users, where the public client flow uses SAML?

That change in and of itself did not alter how MSAL handles federated users. As long as the IDP does not - and I do not see why they should - behave differently on whether a request also contains client secret (or client certificate), MSALs should not need to treat federated users differently than before.

[bgavrilMS]

Not planned for Q1