Open jiasli opened 5 months ago
Thank you for opening this issue, we will look into it.
3. MSAL doesn't use broker for ROPC flow anymore
FYI: MSAL Python is going to bring ROPC-via WAM back.
- We are enforcing MFA on our test tenant.
- We are investigating enforcing MFA on client tools' first party applications, including Azure CLI and Azure PowerShell.
What about 3rd party customers whose admin may not enforce MFA? ROPC may still work for them. Withdrawing it from Azure CLI may break their usage.
> What about 3rd party customers whose admin may not enforce MFA?
We won't allow that. MFA will be enforced on all tenants.
Related command
az login
Is your feature request related to a problem? Please describe.
az login supports Resource Owner Password Credentials (ROPC) flow, which is also known as username password flow:
ROPC flow is not a recommended flow (https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth-ropc):
There are also some recent changes:
Describe the solution you'd like
ROPC flow inherently doesn't work with MFA (https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth-ropc):
As we are broadening the scope of MFA enforcement, we should consider deprecating and removing ROPC flow support.
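An added example, not part of the issue or of Azure CLI's own code: a small audit script that finds username/password `az login` calls in automation, which are the ROPC logins that stop working once MFA is enforced. It assumes the CLI's `-u/--username`, `-p/--password`, `--service-principal` and `--identity` parameters (not shown on this page); the sample script, account names and function names are constructed for illustration.

```python
import shlex
# Constructed sample automation script (not taken from the issue).
SAMPLE_SCRIPT = """\
az login -u ci-user@contoso.example -p "$AZ_PASSWORD"
az login --service-principal -u 00000000-0000-0000-0000-000000000000 -p "$SP_SECRET"
# az login -u old@contoso.example -p retired
echo start && az login --username=ops@contoso.example --password "$PW" | tee log
az login -u svc@contoso.example -p 'not-a-real;secret'
"""
USER_FLAGS, PASS_FLAGS = {"-u", "--username"}, {"-p", "--password"}
NON_ROPC = {"--service-principal", "--identity"}  # -u/-p are not a user password here

def flag_value(args, names):
    """Return (present, value) for a flag written as `-p v` or `--password=v`."""
    for i, arg in enumerate(args):
        name, eq, value = arg.partition("=")
        if name in names:
            return True, value if eq else (args[i + 1] if i + 1 < len(args) else None)
    return False, None

def ropc_login(cmd, lineno):
    """Return (line, username, password_is_inline_literal), or None if not ROPC."""
    if "az" not in cmd or cmd[cmd.index("az") + 1:][:1] != ["login"]:
        return None
    args = cmd[cmd.index("az") + 2:]
    has_user, user = flag_value(args, USER_FLAGS)
    if not has_user or {a.partition("=")[0] for a in args} & NON_ROPC:
        return None
    _, password = flag_value(args, PASS_FLAGS)
    return lineno, user, bool(password) and not password.startswith("$")

def find_ropc_logins(script):
    """Scan a shell script line by line; line continuations are not followed."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        lex = shlex.shlex(line, posix=True, punctuation_chars=True)
        lex.whitespace_split = True  # keep '@' and '$' inside words
        try:
            tokens = list(lex) + [";"]  # trailing separator flushes the last command
        except ValueError:  # unbalanced quotes on this line
            continue
        cmd = []
        for tok in tokens:
            if tok and set(tok) <= set("();<>|&"):  # shell separator ends a command
                findings += filter(None, [ropc_login(cmd, lineno)])
                cmd = []
            else:
                cmd.append(tok)
    return findings
```
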