0xZDH/o365spray

Add additional code indicating Password was fine, but Conditional Access Policy thwarted attempt

mgeeky opened this issue · 2 comments

Hi,

This issue is similar to MSOLspray's one.

During our tests we've found that when a user is sprayed with a correct password and the attempt fails due to Conditional Access Policy requirements, the following error code will be thrown:

AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.

error_uri: https://login.microsoft.com/error?code=53003

Whereas the same attempt with a wrong password brings no such error.

The conclusion is that the AADSTS53003 error code indicates a correct password, but with CAP getting in the way.
I guess it's worth adding corresponding logic to handle that :)

Regards,
Mariusz.
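
The defensive reading of the observation above, as an added example that is not part of the original thread or of o365spray: a pass over sign-in records that treats AADSTS53003 as a likely-valid password when it comes from a source that is also failing logins across many accounts. Field names follow the Microsoft Graph signIn resource; error code 50126 for a wrong password, the threshold and the sample events are assumptions made for this example.

```python
from collections import defaultdict

INVALID_PASSWORD = 50126  # AADSTS50126: invalid username or password
BLOCKED_BY_CA = 53003     # AADSTS53003: the code reported in this issue

# Constructed sample records (documentation IP ranges, made-up users).
SAMPLE_EVENTS = [
    {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.7", "status": {"errorCode": 50126}},
    {"userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.7", "status": {"errorCode": 50126}},
    {"userPrincipalName": "Carol@example.com", "ipAddress": "203.0.113.7", "status": {"errorCode": 53003}},
    {"userPrincipalName": "dave@example.com", "ipAddress": "203.0.113.7", "status": {"errorCode": 50126}},
    # A lone CA block with no spray pattern, e.g. a user on an unmanaged device.
    {"userPrincipalName": "erin@example.com", "ipAddress": "198.51.100.20", "status": {"errorCode": 53003}},
]


def exposed_accounts(events, min_sprayed_users=3):
    """Map each spraying source IP to the users whose password it guessed.

    A source counts as spraying when it drew wrong-password or CA-blocked
    results for at least min_sprayed_users distinct accounts (assumed threshold).
    """
    failed = defaultdict(set)   # ip -> users answered with 50126
    blocked = defaultdict(set)  # ip -> users answered with 53003
    for ev in events:
        code = (ev.get("status") or {}).get("errorCode")
        user = (ev.get("userPrincipalName") or "").lower()
        ip = ev.get("ipAddress")
        if not user or not ip:
            continue  # incomplete record, nothing to attribute
        if code == INVALID_PASSWORD:
            failed[ip].add(user)
        elif code == BLOCKED_BY_CA:
            blocked[ip].add(user)
    findings = {}
    for ip, users in blocked.items():
        if len(failed.get(ip, set()) | users) >= min_sprayed_users:
            findings[ip] = sorted(users)  # candidates for a password reset
    return findings


if __name__ == "__main__":
    for ip, users in exposed_accounts(SAMPLE_EVENTS).items():
        print(f"{ip}: password likely valid for {', '.join(users)}")
```

Accounts returned here were protected only by the Conditional Access policy, so the password itself should be treated as known to the source and rotated.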

0xZDH commented

This is a great catch! Getting this added to a dev branch with several other updates.

0xZDH commented

This has been implemented into the 'dev' branch.