chrishasz / spgo

SPGo: A Lightweight, Open Source, SharePoint IDE for Visual Studio Code
https://www.chrishasz.com/spgo
MIT License

[Multi factor authentication] Using Azure AD instead of ADFS on-premise #128

Open CaoXue95 opened 3 years ago

CaoXue95 commented 3 years ago

Hi SPGo team,

Good day. Because we are using Azure AD instead of on-premise ADFS, could SPGo support multi-factor authentication in this situation? Current environment:

CaoXue95 commented 3 years ago

Hi team, good day. Is there any update on this situation? Thanks a lot~

chrishasz commented 3 years ago

How do you have Azure AD configured? In most cases, you should be able to authenticate with username+password and Digest authentication as described here: https://www.chrishasz.com/spgo/authentication/digest-authentication

If you do use some interactive mechanism for authentication like MFA, then there is a limitation in VSCode which doesn't allow me to load a remote web page. You may be able to set up an app password. I'm also working on support for Addin-Only authentication, but I don't have a firm date on when that would be ready.

chrishasz commented 3 years ago

Hello @CaoXue95 - SPGo supports Addin-only authentication as of version 1.7.0.

I still do not support MFA with interactive login, unfortunately.

Jbelmonte commented 3 years ago

Hello @chrishasz. First of all, congrats on your great work.

Is there any planned milestone including this MFA feature? I see the underlying node-sp-auth library already includes the on-demand authentication mechanism, but it cannot be bypassed because SPGo keeps crashing while verifying credentials. I guess it's not as easy as accepting a new authenticationType with the appropriate authenticationDetails, right?

chrishasz commented 3 years ago

Hello @Jbelmonte -

The barrier to supporting this right now is VSCode itself. The extension runtime actively blocks/prevents any browser windows from being opened interactively by an extension. This is the root cause that prevents me from supporting this functionality via node-sp-auth.

There are a few options that I've seen other extension authors use:

  1. Use an HTTP/Proxy library to host a website on the user's machine and proxy/iframe the interactive login window and then scrape the JWT token.
  2. Use an automation tool like Jest to run a task that opens a browser window to perform the authentication step.

Neither of these is particularly attractive. Option 1 will likely be blocked by many default or enterprise browser configurations. Option 2 requires a specific browser be installed (Chrome, FF, Brave) and I don't want to make the assumption or requirement regarding which browsers are installed on a user's machine.

Both of these options also undermine my vision that SPGo is lightweight and unobtrusive.

I would love to support this feature and I welcome any creative suggestions for how to make it work.

Jbelmonte commented 3 years ago

Understood. Thank you very much for your detailed explanation. Unfortunately, I don't know how to help you solve this situation. I guess I should explore the Addin-Only authentication mechanism approach. Again, thank you @chrishasz.

chrishasz commented 3 years ago

@Jbelmonte please let me know if you have any issues getting the app password or addin-only auth working, and thank you for using SPGo!

multimeric commented 1 year ago

Hi @chrishasz, I don't fully understand the blocker here, but have you considered DeviceCode style authentication? I've used it in another JS project and it works well, even without a browser being involved. It just prints a URL and a code to the console and the user has to paste the code into the URL and then it sends back a token. Nice and easy.
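
The device-code flow mentioned in the comment above, sketched as an added example that is not part of the thread, SPGo or node-sp-auth: the client-side polling decisions from RFC 8628, replayed against constructed token-endpoint responses with no network access. The client id, URL, codes and token are placeholders, and `step` and `simulate` are hypothetical names.

```javascript
// Added example (not SPGo code): RFC 8628 device-code polling decisions.
const GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:device_code';

// Form body for one token poll; clientId is a placeholder value.
function tokenRequestBody(clientId, deviceCode) {
  return new URLSearchParams({
    grant_type: GRANT_TYPE, client_id: clientId, device_code: deviceCode,
  }).toString();
}

// Decide what to do after one token-endpoint response.
// state: { interval, deadline } in seconds; now: seconds since the code was issued.
function step(state, body, now) {
  if (body.access_token) return { action: 'done', token: body.access_token };
  if (now >= state.deadline) return { action: 'fail', reason: 'expired_token' };
  switch (body.error) {
    case 'authorization_pending': // user has not finished signing in yet
      return { action: 'wait', interval: state.interval };
    case 'slow_down': // RFC 8628 section 3.5: add 5 s to all later polls
      return { action: 'wait', interval: state.interval + 5 };
    default: // access_denied, expired_token or anything unexpected: stop
      return { action: 'fail', reason: body.error || 'invalid_response' };
  }
}

// Replay a list of token responses against a simulated clock (no network).
function simulate(auth, responses) {
  const state = { interval: auth.interval || 5, deadline: auth.expires_in };
  const waits = [];
  let now = 0;
  for (const body of responses) {
    now += state.interval; // always wait before polling
    waits.push(state.interval);
    const result = step(state, body, now);
    if (result.action !== 'wait') return { ...result, waits };
    state.interval = result.interval;
  }
  return { action: 'fail', reason: 'no_more_responses', waits };
}

// Constructed sample data: a device authorization response and four polls.
const sampleAuth = { device_code: 'CONSTRUCTED-DEVICE-CODE', user_code: 'ABCD-EFGH',
  verification_uri: 'https://login.example/device', expires_in: 900, interval: 5 };
const sampleResponses = [{ error: 'authorization_pending' }, { error: 'slow_down' },
  { error: 'authorization_pending' }, { access_token: 'constructed-token' }];

console.log(`Open ${sampleAuth.verification_uri} and enter ${sampleAuth.user_code}`);
console.log(simulate(sampleAuth, sampleResponses).waits); // seconds waited per poll
```

The sample run prints only the verification prompt and the wait schedule; the token itself is returned to the caller and never written to the console.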

richardtj commented 10 months ago

Hello @chrishasz, great extension, but the MFA support recently affected our team when security policies changed, and Digest no longer authenticates.

I wonder if the issue you described in response to @Jbelmonte on Feb 7, 2021, is still true. If I use the PowerShell extension from Microsoft and issue this command: `Connect-SPOService -Url https://{ourdomain}-admin.sharepoint.com/` inside VS Code, it prompts me to authenticate. I don't know enough about extension development to know if this means the issue has been resolved or if I'm misinterpreting the difference between it and SPGo.
