pm-24210-v2 (#6144)

src/Identity/IdentityServer/RequestValidators/DeviceValidator.cs

@@ -95,8 +95,7 @@ public class DeviceValidator(
 
         // Device still unknown, but if we are in an auth request flow, this is not valid
         // as we only support auth request authN requests on known devices
-        if (request.GrantType == PasswordGrantType && isAuthRequest &&
-            context is { TwoFactorRequired: false, SsoRequired: false })
+        if (request.GrantType == PasswordGrantType && isAuthRequest)
         {
             (context.ValidationErrorResult, context.CustomResponse) =
                 BuildDeviceErrorResult(DeviceValidationResultType.AuthRequestFlowUnknownDevice);

test/Identity.Test/IdentityServer/DeviceValidatorTests.cs

@@ -324,13 +324,26 @@ public class DeviceValidatorTests
         Assert.True(result);
     }
 
-    [Theory, BitAutoData]
+    [Theory]
+    [BitAutoData(false, false)]
+    [BitAutoData(true, false)]
+    [BitAutoData(true, true)]
+    [BitAutoData(true, false)]
+
     public async void ValidateRequestDeviceAsync_IsAuthRequest_UnknownDevice_Errors(
+        bool twoFactoRequired, bool ssoRequired,
         CustomValidatorRequestContext context,
         [AuthFixtures.ValidatedTokenRequest] ValidatedTokenRequest request)
     {
         // Arrange
-        ArrangeForHandleNewDeviceVerificationTest(context, request);
+        request.GrantType = "password";
+        context.TwoFactorRequired = twoFactoRequired;
+        context.SsoRequired = ssoRequired;
+        if (context.User != null)
+        {
+            context.User.CreationDate = DateTime.UtcNow - TimeSpan.FromDays(365);
+        }
+
         AddValidDeviceToRequest(request);
         _deviceRepository.GetByIdentifierAsync(context.Device.Identifier, context.User.Id)
             .Returns(null as Device);