"AADSTS50155: Device is not authenticated" after ~3 months with "phone sign-in"

Which Version of MSAL are you using ? Microsoft.Identity.Client 3.0.8

Platform UWP

What authentication flow has the issue?

• Desktop / Mobile
  • Interactive
  • Integrated Windows Auth
  • Username Password
  • Device code flow (browserless)
• Web App
  • Authorization code
  • OBO
• Web API
  • OBO

Is this a new or existing app? Existing. I’ve come across this error in February, and resolved it by entering a password. I’m unsure if this falls in the MSAL bucket or AzureAD bucket. I don’t know who to complain to. https://stackoverflow.com/questions/54730227/aadsts50155-device-is-not-authenticated

Repro

try
{
    msalar = await pca.AcquireTokenSilent(scopes, user)
                  .WithAuthority(authority)
                  .ExecuteAsync();
}
catch (MsalUiRequiredException)
{
    msalar = await pca.AcquireTokenInteractive(scopes)
                  .WithAuthority(authority)
                  .WithAccount(user)
                  .WithExtraScopesToConsent(graphscopes)
                  .ExecuteAsync();
}

Expected behavior Code should work with AzureAD passwordless (phone sign-in). (https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-phone-sign-in)

Actual behavior Roughly 3 months after signing in with a password then just using my iPhone for phone sign-in, I get a AADSTS50155 error. Possible Solution Prompt user to use a password if AADSTS50155 is encountered.

    msalar = await pca.AcquireTokenInteractive(scopes)
                .WithAuthority(authority)
                .WithAccount(user)
                .WithExtraScopesToConsent(graphscopes)
                //I think this is not encouraged, but does this prompt password?
                .WithPrompt(Prompt.ForceLogin)
                .ExecuteAsync();