MFA support

[sushant-pradhan]

Hello,

I see that the plugin doesn't support Multi Factor Authentication. I have my Azure side setup with OpenID (to prompt for MFA after login) and I am not getting prompted for MFA since scope argument isn't passed:

&scope=openid

Refer:
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-openid-connect-code

[hkamel]

Thanks @an-sush ... Hello @jmprieur should the authorization URL include the scope=openid to trigger the MFA or there is other way from AAD configurations?

[hkamel]

Hello @an-sush, I have tried the plug-in against my Azure AD tenant where MFA is enabled and it's working as expected. what exact error are you facing?

[jmprieur]

@hkamel if the tenant admin requires MFA for each sign-in, the scope=openid would be enough. Now if the tenant admin requires MFA for other resources that need to be accessed by the plug-in (I don't think that this would be the case for SonarQube / SonarCloud), the scope for this resource should also be provided, in the case of an AAD V1 app (as there is no dynamic consent, contrary to AAD V2)

[sushant-pradhan]

Hello @hkamel with MFA turned on Azure side, the plugin is just prompting for password and not MFA. It allows login without MFA. Ideally it should challenge for MFA after entering credentials. The pull request #38 is fixing the issue and I have validated it

[hkamel]

A new draft release has been published 1.1-RC2 the announcement has been sent to the official SonarSource community to kick the official release.