@Eric Chen, thank you for reaching out. The reason a federated user fails with the Resource Owner Password Grant flow is that, for a federated user, Azure AD has to redirect the user to the specific federation server that belongs to the user's on-prem domain so that the ADFS server can get the auth done with the local domain controller. In the Resource Owner Password Grant flow this redirect is not possible, hence it is not able to validate the username and password, and hence that error.
As a suggestion, you can create a new cloud-only user whose username and password should reside in Azure AD, so that when you submit the user's credentials using the Resource Owner Password Grant flow, AAD can authenticate the user without any redirections.
This user can be a normal user in AAD, and the respective delegated permissions should be present in the app registration. One more thing to make sure of: if the delegated permission that you are providing needs admin consent, then before the user logs in to the application, the admin has to provide the admin consent to this delegated permission. If you want the user to provide his/her own consent (if the delegated permission needs user consent), then you would have to somehow provide the user consent before going ahead with the Resource Owner Password Grant flow.
Hope this helps.
Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
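The two failure causes described in the answer above (a federated account, and consent that was never granted) can be told apart from the token endpoint's error response. The following is an added example, not part of the original answer or Microsoft's code: the function names, the placeholder tenant and client values, and the sample responses are constructed for illustration, and nothing is sent over the network.

```python
import json
from urllib.parse import urlencode

# Azure AD v2.0 token endpoint; the tenant is filled in by the caller.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def build_ropc_request(tenant, client_id, scope, username, password):
    """Build (url, form body) for an ROPC token request. Nothing is sent."""
    form = {"grant_type": "password", "client_id": client_id, "scope": scope,
            "username": username, "password": password}
    return TOKEN_URL.format(tenant=tenant), urlencode(form)

def diagnose(response_text, federated):
    """Map a token-endpoint response to the causes described in the answer.

    `federated` is supplied by the caller (assumption: the admin knows whether
    the account's domain is federated with on-prem ADFS)."""
    data = json.loads(response_text)
    if "access_token" in data:
        return "ok"
    codes = set(data.get("error_codes", []))
    if 65001 in codes:
        # AADSTS65001: user or admin has not consented to the delegated permission.
        return "consent-missing: grant admin or user consent before using ROPC"
    if data.get("error") == "invalid_grant" and federated:
        # ROPC cannot follow the redirect to the federation server, so Azure AD
        # cannot validate the password itself.
        return "federated-user: use a cloud-only account for ROPC"
    return "other: " + data.get("error", "unknown")

# Constructed sample responses (descriptions shortened, values are placeholders).
SAMPLE_OK = json.dumps({"token_type": "Bearer", "access_token": "<placeholder>"})
SAMPLE_CONSENT = json.dumps({"error": "invalid_grant", "error_codes": [65001],
                             "error_description": "AADSTS65001: (constructed)"})
SAMPLE_BAD_CREDS = json.dumps({"error": "invalid_grant", "error_codes": [50126],
                               "error_description": "AADSTS50126: (constructed)"})

if __name__ == "__main__":
    url, body = build_ropc_request("<tenant-id>", "<client-id>",
                                   "https://graph.microsoft.com/.default",
                                   "user@example.onmicrosoft.com", "<password>")
    print(url)
    for sample, fed in [(SAMPLE_OK, False), (SAMPLE_CONSENT, False),
                        (SAMPLE_BAD_CREDS, True), (SAMPLE_BAD_CREDS, False)]:
        print(diagnose(sample, federated=fed))
```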