
Unable to authenticate to /oauth/token with automatically created passwords

Summary

With !133027 (merged), introduced in v16.5.0, users with automatically set passwords (OmniAuth-provisioned accounts) are no longer able to authenticate to /oauth/token as documented in the Resource owner password credentials flow unless they manually set a password.

In previous versions it was possible to provide LDAP credentials to the /oauth/token endpoint to obtain a token; as a result, many existing user scripts are now broken.

Steps to reproduce

On a self-managed (SM) instance with LDAP configured:

  • echo 'grant_type=password&username=dul&password=<your_password>' > auth.txt
  • curl --data "@auth.txt" --request POST "https://mygitlab-server/oauth/token"

What is the current bug behavior?

Generates the error:

{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}

What is the expected correct behavior?

A response containing the access token.
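As an added example (not part of the original report or of GitLab's code), a small Python script that sends the same ROPC request as the curl step above and classifies the response as a token, the invalid_grant error shown above, or something else. The base URL, username and password are supplied by the caller; unlike the echo-to-file step, the form body is URL-encoded, so passwords containing `&`, `=` or `#` are transmitted intact.

```python
"""Check whether a GitLab instance still accepts the Resource Owner Password
Credentials (ROPC) flow at /oauth/token for a given account (added example)."""
import getpass
import json
import sys
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import Request, urlopen


def build_ropc_body(username: str, password: str) -> bytes:
    # urlencode escapes '&', '=', '#' etc., so a password containing them
    # is not split into extra form fields (the echo > auth.txt step does not escape).
    return urlencode({"grant_type": "password",
                      "username": username,
                      "password": password}).encode()


def classify_token_response(status: int, body: str) -> str:
    """Map an /oauth/token response to 'ok', 'invalid_grant' or 'other'."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return "other"
    if status == 200 and "access_token" in data:
        return "ok"
    if data.get("error") == "invalid_grant":
        return "invalid_grant"
    return "other"


def check_ropc(base_url: str, username: str, password: str) -> str:
    """POST the ROPC grant to <base_url>/oauth/token and classify the answer."""
    req = Request(base_url.rstrip("/") + "/oauth/token",
                  data=build_ropc_body(username, password),
                  headers={"Content-Type": "application/x-www-form-urlencoded"},
                  method="POST")
    try:
        with urlopen(req, timeout=15) as resp:
            return classify_token_response(resp.status, resp.read().decode())
    except HTTPError as err:  # Doorkeeper returns the invalid_grant JSON with a 4xx status
        return classify_token_response(err.code, err.read().decode())


if __name__ == "__main__":
    # usage: python check_ropc.py https://mygitlab-server dul   (password prompted)
    url, user = sys.argv[1], sys.argv[2]
    print(check_ropc(url, user, getpass.getpass("password: ")))
```

A result of `invalid_grant` for an account whose password was set automatically reproduces the regression; `ok` means the instance still accepts LDAP credentials on this endpoint.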

Possible fixes

Edited by Paul Murray