Handling Multi-Factor Authentication #141
-
|
Hi, |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 5 replies
-
|
Looks at first glance that the MFA token lifetime has expired on a trusted device and that each time the client tries to access the (old) Graph API during authentication, it demands re-authentication |
Beta Was this translation helpful? Give feedback.
-
The flow redirects to login page. After successful login, I am redirected back with auth code. I wonder how to make it do MFA check (e.g. phone message)? |
Beta Was this translation helpful? Give feedback.
-
|
You should have either security defaults or conditional access set it up in the tenant in order to achieve this. You can also enforce MFA per user via the old MFA portal |
Beta Was this translation helpful? Give feedback.
-
|
@olimjonbakirov Did you fix the problem ? |
Beta Was this translation helpful? Give feedback.
-
|
Also bumping for this. @olimjonbakirov did you figure out how to get this to work? |
Beta Was this translation helpful? Give feedback.
-
@theblindfrog and @hlecorche I was able to solve it then years ago. As far as I remember the solution was to add 'scope' and I think 'User.Read' was mandatory for MFA to work. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @olimjonbakirov, added the scopes worked for me (although through testing, I only needed |
Beta Was this translation helpful? Give feedback.
@theblindfrog and @hlecorche I was able to solve it then years ago. As far as I remember the solution was to add 'scope' and I think 'User.Read' was mandatory for MFA to work.
$this->client = new \TheNetworg\OAuth2\Client\Provider\Azure([
'clientId' => env('azure.client_id'),
'clientSecret' => env('azure.client_secret'),
'scope' => ['openid', 'profile', 'email', 'User.Read'],
'redirectUri' => env('azure.redirect_uri')
]);
let me know if it does not work - I can look up further.