Azure-docs: Resource is "Required" if using MFA

Created on 13 Aug 2019 · 7 Comments · Source: MicrosoftDocs/azure-docs

Multi-factor authentication policies do not appear to trigger when resource is not included in the initial request to the /authorize endpoint.



Pri1 active-directorsvc awaiting-product-team-response cxp develosubsvc product-question triaged

All 7 comments

@Tiberriver256 Thanks for your feedback! We will investigate and update as appropriate.

Hey @Tiberriver256, what kind of conditional access policy do you have set up for your MFA?

Can you reproduce consistently? And what is the exact request you're sending to the authorize endpoint that you're expecting a Multi-Factor auth?

I don't have too much info on the MFA side.

This request does not trip the MFA:

https://login.microsoftonline.com/mydomain.com/oauth2/authorize?client_id=myclientid&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000/login/auth.aspx&response_mode=query

This request does:

https://login.microsoftonline.com/mydomain.com/oauth2/authorize?client_id=myclientid&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8000/login/auth.aspx&response_mode=query&resource=myResourceGuid

The only difference between the two being a resource was requested. It is reproducible 100% of the time for me.

Hey @Tiberriver256, thanks again for that information. I was just following up on this. Currently we're still looking into this issue and will get back to you as soon as possible once we have a response. Thanks and stay tuned!

Hi @Tiberriver256 - this is expected. If you don't tell the server what resource you plan to call, then the server doesn't know to trigger the conditional access policies for that resource.

Yep, that makes sense to me. I'm just asking here that it be documented somewhere.

Hey @Tiberriver256, alright, sounds good. Let me go ahead and put this in as a note, now that we have confirmation that this is in fact supposed to work this way.

Thanks for your feedback. As this change is being made, I will be going ahead and closing out this GitHub issue by end of day Monday. Please let us know if you have any more concerns, and thanks again!
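A check for the behaviour confirmed in this thread, added here as an example and not code from the issue or from Microsoft: it scans text lines for `/oauth2/authorize` requests that carry no `resource`, which per the thread means that resource's conditional access policies are not triggered. The sample lines are constructed from the two URLs posted above; the function names and the choice to treat an empty `resource` value like a missing one are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Finds login.microsoftonline.com URLs embedded in a line of text (log, config, source).
LOGIN_URL = re.compile(r"https://login\.microsoftonline\.com/[^\s\"'<>]+")

def audit_authorize_url(url):
    """Return a finding for an /oauth2/authorize URL lacking a usable
    resource parameter, or None if the URL is fine or not an authorize URL."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/oauth2/authorize"):
        return None  # some other endpoint; out of scope for this check
    params = parse_qs(parts.query, keep_blank_values=True)
    if "resource" not in params:
        return "missing resource"
    if not params["resource"][0].strip():
        # Assumption: an empty value is reported the same way as an absent one.
        return "empty resource"
    return None

def scan(lines):
    """Return (line_number, finding) for every flagged authorize URL."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        for url in LOGIN_URL.findall(line):
            finding = audit_authorize_url(url)
            if finding:
                findings.append((lineno, finding))
    return findings

BASE = ("https://login.microsoftonline.com/mydomain.com/oauth2/authorize"
        "?client_id=myclientid&response_type=code"
        "&redirect_uri=http%3A%2F%2Flocalhost%3A8000/login/auth.aspx")

# Constructed sample lines; 1 and 2 reuse the two requests from the thread.
SAMPLE = [
    "GET " + BASE + "&response_mode=query",
    "GET " + BASE + "&response_mode=query&resource=myResourceGuid",
    "GET " + BASE + "&resource=",
    "POST https://login.microsoftonline.com/mydomain.com/oauth2/token",
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE):
        print(f"line {lineno}: {finding}")
```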
