
ADAL headless native client app and multi-factor authentication (MFA)


I wish to adapt code found here to write what effectively amounts to a script to upload files to OneDrive for Business. As I understand it, this effectively amounts to a "headless" native client application. I've successfully created an Azure AD native client application, assigned permissions, and created an AD service account to use to "execute" the script (and hold the files in OneDrive).

However, my organization's Azure AD requires multi-factor authentication. When I use the ADAL Python library to "acquire_token_with_username_password" I get a 400 Bad Request response with this error description:

adal.adal_error.AdalError: Get Token request returned http error: 400 and server response: {"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access 'https://login.windows.net/[tenant].onmicrosoft.com'.\r\nTrace ID: [uuid]\r\nCorrelation ID: [uuid]\r\nTimestamp: [timestamp]","error_codes":[50076],"timestamp":"[timestamp]","trace_id":"[uuid]","correlation_id":"[uuid]"}

I've also tried signing into O365 as the service account and creating an "app password" and using that as the password instead of the actual account password, but it also fails. The error is somewhat different - it is rejected due to an invalid password.

Given that this is a "headless" app (script), what are my options to authenticate? I'm struggling to find good information, especially for this headless/script case.


Solution

  • The resource owner password credentials grant flow doesn't support MFA. To integrate with an Azure Active Directory tenant whose users require MFA, you may consider using another flow (e.g. the client credentials grant flow or the authorization code grant flow).
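As an added example (not part of the question or the answer above), the Python below does two things a script author hits in this situation: it parses the AADSTS error body that ADAL embeds in the `AdalError` message so the script can tell "MFA is enforced, stop retrying passwords" apart from an ordinary wrong password, and it shows the shape of the client credentials call the answer points to. The sample error body is constructed from the message quoted in the question, with bracketed placeholders instead of real tenant data; `classify_ropc_failure`, `parse_aad_error` and `acquire_token_for_daemon` are names chosen here, while `adal.AuthenticationContext` and `acquire_token_with_client_credentials` are the real ADAL for Python API. The daemon helper needs the `adal` package and network access, so it is imported lazily and not exercised by the sample.

```python
import json

# Constructed sample of what AdalError carries when Conditional Access demands
# MFA during a resource-owner-password (ROPC) token request. Bracketed values
# are placeholders, not real tenant data.
_SAMPLE_BODY = {
    "error": "interaction_required",
    "error_description": (
        "AADSTS50076: Due to a configuration change made by your administrator, "
        "or because you moved to a new location, you must use multi-factor "
        "authentication to access 'https://login.windows.net/[tenant].onmicrosoft.com'."
        "\r\nTrace ID: [uuid]\r\nCorrelation ID: [uuid]\r\nTimestamp: [timestamp]"
    ),
    "error_codes": [50076],
    "timestamp": "[timestamp]",
    "trace_id": "[uuid]",
    "correlation_id": "[uuid]",
}
SAMPLE_ADAL_MESSAGE = (
    "Get Token request returned http error: 400 and server response: "
    + json.dumps(_SAMPLE_BODY)
)

MFA_REQUIRED_CODE = 50076  # AADSTS50076, the code in the error quoted above


def parse_aad_error(message):
    """Pull the JSON error body out of an ADAL error message.

    Returns the decoded dict, or None if no JSON object is present
    (for example on a network failure rather than an AAD refusal).
    """
    start = message.find("{")
    if start < 0:
        return None
    try:
        body, _ = json.JSONDecoder().raw_decode(message[start:])
    except ValueError:
        return None
    return body if isinstance(body, dict) else None


def classify_ropc_failure(message):
    """Decide what a failed acquire_token_with_username_password call means.

    Returns one of:
      "mfa_required"    - the tenant enforces MFA; neither the real password nor
                          an app password will satisfy ROPC, switch grant type
      "bad_credentials" - AAD reports a plain wrong username/password as
                          error "invalid_grant"
      "other"           - anything else (network error, unexpected body)
    """
    body = parse_aad_error(message)
    if body is None:
        return "other"
    codes = set(body.get("error_codes", []))
    if body.get("error") == "interaction_required" or MFA_REQUIRED_CODE in codes:
        return "mfa_required"
    if body.get("error") == "invalid_grant":
        return "bad_credentials"
    return "other"


def acquire_token_for_daemon(authority_url, resource, client_id, client_secret):
    """Client credentials grant via ADAL (hypothetical wrapper, real API calls).

    The application authenticates as itself with its own secret, so the
    per-user MFA policy that blocks ROPC does not come into play. The secret
    must be kept out of the script source (environment variable, key vault).
    Requires `pip install adal` and network access; imported lazily so the
    rest of this file runs offline.
    """
    import adal  # real library: https://github.com/AzureAD/azure-activedirectory-library-for-python

    context = adal.AuthenticationContext(authority_url)
    return context.acquire_token_with_client_credentials(resource, client_id, client_secret)


if __name__ == "__main__":
    print(classify_ropc_failure(SAMPLE_ADAL_MESSAGE))  # mfa_required
```

Note that the app-only route changes the permission model: the app registration needs *application* permissions (which require admin consent) rather than the delegated permissions a native client gets, and the files will be written by the application identity rather than by the service account's sign-in.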