FIX: Fix Microsoft connector and adjust workflow #1

Merged
merged 1 commit into from
Oct 8, 2021

@schuhu schuhu commented Oct 8, 2021

Overview
This PR adds the openid scope necessary for the Microsoft Identity Platform v2 and changes the user and group scopes to the ones now supported on the Microsoft Graph API.
This PR was created together with Microsoft backend engineers and fixes dexidp#1855.

What this PR does / why we need it
The current Microsoft connector just works. But if you enable features like 2FA on your Microsoft Azure AD Application, they are not enforced, because the scopes used trigger the Azure App in a different way than intended.

So, to be able to use 2FA on a Microsoft Azure AD App, you need those changes.

Special notes for your reviewer
I tested this change locally with group sync and refresh token. Same behaviour as before, except that policies like 2FA applied to the Azure AD App are now enforced by Microsoft.

Does this PR introduce a user-facing change?
NONE

@schuhu schuhu merged commit 84b4b56 into master Oct 8, 2021
@schuhu schuhu deleted the microsoft-oidc-fix branch October 8, 2021 08:46
Successfully merging this pull request may close these issues.

Add openid scope to request for Microsoft Azure connector