We are inviting externals as guests to Azure AD by email address. Some of them have a personal AND a work account with this email address. If they link the personal account with our tenant and try to connect with the Python MSAL library, they get an error.
- If they use their work account password, they will get: 'error': 'invalid_grant', 'error_description': 'AADSTS50020: User account '{EmailHidden}' from identity provider 'https://sts.windows.net/xxx-xx-xx/' does not exist in tenant 'Contoso' and cannot access the application 'xxx-xx-xx-xx'(Contoso App) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.'
- If they use their personal account password, they will get: 'error': 'invalid_grant', 'error_description': 'AADSTS50126: Error validating credentials due to invalid username or password.'
I think MSAL is resolving the user email address as a work account and tries to log in with that one (which will fail), and not the personal one, which should have the permissions to use the app.
Is there any way to fix this programmatically? We are currently using the ROPC flow for that, and I know this is not the recommended way.
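As an added example (not code from the question author), here is a small Python helper that classifies the two MSAL error responses quoted above before any retry decision is made. The AADSTS50020 text describes an identity-provider mismatch, not a bad password, so retrying with a different password cannot help; and Microsoft's ROPC documentation states that personal Microsoft accounts invited to a tenant cannot use ROPC, which is consistent with the AADSTS50126 outcome for the personal password. The `acquire_token_ropc` wrapper uses the real `msal.PublicClientApplication.acquire_token_by_username_password` call; the client id, tenant, and the sample error dicts are constructed placeholders.

```python
import re
from typing import Optional

# Hints keyed by the two AADSTS codes quoted in the question (wording is mine).
AADSTS_HINTS = {
    "AADSTS50020": (
        "identity mismatch: the authenticated account belongs to another identity "
        "provider and is not a guest in this tenant; a different password will not help"
    ),
    "AADSTS50126": (
        "credentials rejected for this username; ROPC is not supported for personal "
        "Microsoft accounts, so a personal-account password cannot succeed here"
    ),
}


def extract_aadsts_code(result: dict) -> Optional[str]:
    """Return the AADSTSnnnnn code from an MSAL error response, or None if absent."""
    if "error" not in result:
        return None
    match = re.search(r"AADSTS\d+", result.get("error_description", ""))
    return match.group(0) if match else None


def classify_ropc_result(result: dict) -> dict:
    """Turn an MSAL token result into a small, loggable verdict.

    ok        -- True when an access_token is present
    error     -- MSAL's OAuth error string (e.g. 'invalid_grant') or None
    code      -- the AADSTS code, or None
    retryable -- False for the identity-mismatch / unsupported-account cases
    hint      -- human-readable explanation for the log
    """
    if "access_token" in result:
        return {"ok": True, "error": None, "code": None, "retryable": False, "hint": "token acquired"}
    code = extract_aadsts_code(result)
    hint = AADSTS_HINTS.get(code, result.get("error_description", "unknown error"))
    return {
        "ok": False,
        "error": result.get("error"),
        "code": code,
        "retryable": code not in AADSTS_HINTS,
        "hint": hint,
    }


def acquire_token_ropc(client_id: str, tenant: str, username: str, password: str, scopes: list) -> dict:
    """Run the ROPC flow with MSAL and classify the outcome (needs network and `pip install msal`)."""
    import msal  # imported lazily so the classifier above runs without the package installed

    app = msal.PublicClientApplication(
        client_id, authority=f"https://login.microsoftonline.com/{tenant}"
    )
    result = app.acquire_token_by_username_password(username, password, scopes=scopes)
    return classify_ropc_result(result)


# Constructed sample responses mirroring the two errors quoted in the question.
SAMPLE_WORK_ACCOUNT = {
    "error": "invalid_grant",
    "error_description": "AADSTS50020: User account '{EmailHidden}' from identity provider "
    "'https://sts.windows.net/xxx-xx-xx/' does not exist in tenant 'Contoso' ...",
}
SAMPLE_PERSONAL_ACCOUNT = {
    "error": "invalid_grant",
    "error_description": "AADSTS50126: Error validating credentials due to invalid username or password.",
}

if __name__ == "__main__":
    for sample in (SAMPLE_WORK_ACCOUNT, SAMPLE_PERSONAL_ACCOUNT):
        print(classify_ropc_result(sample))
```

Logging the `code` and `retryable` fields rather than the raw description makes it easy to spot in monitoring when a guest keeps hitting AADSTS50020, which signals an account-type problem to resolve with the invitation rather than a credential problem to solve by retrying.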