Skip to content

[Profile] az login: Show warning for MFA error#12516

Merged
jiasli merged 4 commits intoAzure:devfrom
jiasli:mfa-warning
Mar 17, 2020
Merged

[Profile] az login: Show warning for MFA error#12516
jiasli merged 4 commits intoAzure:devfrom
jiasli:mfa-warning

Conversation

@jiasli
Copy link
Member

@jiasli jiasli commented Mar 10, 2020
edited
Loading

Partially mitigate #6962. MFA cross-tenant trust is still under development by service team.

During az login, show warning for MFA error. This happens when the home tenant doesn't require MFA but the other tenants where the user is a guest of do. When getting access token with refresh token for those MFA tenants, CLI gives the raw error which isn't very instructive:

AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access 'xxx'.

This PR checks the exception and provides instructions on how to work with MFA tenants:

Tenant da086fa3-023f-4500-bf56-0f19d3065440 requires Multi-Factor Authentication (MFA). To access this tenant, use 'az login --tenant' to explicitly login to this tenant.

For the test, since CI still uses nosetests while we locally use pytest, it is difficult to verify captured logs in both test frameworks: https://docs.pytest.org/en/latest/logging.html#caplog-fixture

We can manually run the test with -o log_cli=True to check that the warning is displayed correctly:

pytest -o log_cli=True src/azure-cli-core/azure/cli/core/tests/test_profile.py::TestProfile::test_find_using_common_tenant_mfa_warning

@jiasli jiasli self-assigned this Mar 10, 2020
@jiasli jiasli added this to the S167 milestone Mar 10, 2020
@yonzhan
Copy link
Collaborator

yonzhan commented Mar 10, 2020

add to S167

qianwens
qianwens approved these changes Mar 11, 2020
View reviewed changes
Copy link
Member

@qianwens qianwens left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

arrownj
arrownj reviewed Mar 17, 2020
View reviewed changes
@jiasli jiasli merged commit 5519f24 into Azure:dev Mar 17, 2020
@jiasli jiasli deleted the mfa-warning branch March 17, 2020 05:18
@jiasli jiasli mentioned this pull request Mar 24, 2020
Merged
@jiasli jiasli mentioned this pull request May 15, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fengzhou-msft fengzhou-msft Awaiting requested review from fengzhou-msft

@haroldrandom haroldrandom Awaiting requested review from haroldrandom

@Juliehzl Juliehzl Awaiting requested review from Juliehzl

2 more reviewers

@arrownj arrownj arrownj approved these changes

@qianwens qianwens qianwens approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jiasli jiasli

Labels

None yet

Projects

None yet

Milestone

S167

Development

Successfully merging this pull request may close these issues.

4 participants

@jiasli @yonzhan @arrownj @qianwens