@nilo-ms (Contributor) commented Sep 12, 2025

This PR updates the SDK to match the latest flow from EC.

In this new flow, the developer must always supply an auth method to the /oauth2/v2.0/challenge endpoint, which means once the .mfaRequired error is received from the token endpoint, the /oauth2/v2.0/introspect endpoint needs to be called to retrieve the methods which are automatically returned to the external developer.

Furthermore, whenever the /token endpoint is called with an MFA Email OTP code, the grant type should be mfa_oob.

Fixes AB#3351233

MSAL PR: AzureAD/microsoft-authentication-library-for-android#2379

@nilo-ms nilo-ms requested review from a team as code owners September 12, 2025 13:13
@github-actions

❌ Work item link check failed. Description does not contain AB#{ID}.

@nilo-ms nilo-ms requested a review from andwhysoft September 12, 2025 13:17
@github-actions github-actions bot changed the title from "Native auth: Update Email OTP MFA to Match EC Implementation" to "Native auth: Update Email OTP MFA to Match EC Implementation, Fixes AB#3351233" Sep 12, 2025
@nilo-ms nilo-ms requested review from shenj and yongdiw September 17, 2025 10:22
@nilo-ms nilo-ms merged commit fa49d9c into feature/mfa-otp Sep 18, 2025
35 of 44 checks passed
@nilo-ms nilo-ms deleted the mmizrak/mfa-otp branch September 18, 2025 12:48
nilo-ms added a commit to AzureAD/microsoft-authentication-library-for-android that referenced this pull request Sep 18, 2025
…B#3351233 (#2379)

This PR updates the SDK to match the latest flow from EC.

In this new flow, the developer must always supply an auth method to the
/oauth2/v2.0/challenge endpoint, which means once the .mfaRequired error
is received from the token endpoint, the /oauth2/v2.0/introspect endpoint
needs to be called to retrieve the methods which are automatically
returned to the external developer.

Furthermore, whenever the /token endpoint is called with an MFA
Email OTP code, the grant type should be mfa_oob.

Fixes
[AB#3351233](https://identitydivision.visualstudio.com/Engineering/_workitems/edit/3351233)

MSAL Common PR:
AzureAD/microsoft-authentication-library-common-for-android#2760