Azure活动目录支持Resource Owner Password Credentials Grant（grant_type=password）流。但是，在使用之前，请考虑是否确实需要它。正如它在OAuth 2.0 RFC中所说：

The resource owner password credentials (i.e., username and password) can be used directly as an authorization grant to obtain an access token. The credentials should only be used when there is a high degree of trust between the resource owner and the client (e.g., the client is part of the device operating system or a highly privileged application), and when other authorization grant types are not available (such as an authorization code).

如果您已经确定其他支持的流肯定不会对您的场景起作用，那么也一定要遵循RFC中的第二点建议：

Even though this grant type requires direct client access to the resource owner credentials, the resource owner credentials are used for a single request and are exchanged for an access token. This grant type can eliminate the need for the client to store the resource owner credentials for future use, by exchanging the credentials with a long-lived access token or refresh token.

（在两种情况下都增加了强调。）

GitHub上有一个.NET和ADAL示例使用这个流，它应该足够简单，可以在Python中实现：https://github.com/AzureADSamples/NativeClient-Headless-DotNet

编辑：你可以在任何你想要的地方托管你的应用程序，它不需要在Azure上。这适用于所有流。