Cli-microsoft365: CLI login issue on Azure DevOps Pipelines for an account with multi-factor authentication

Due to the nature of MFA being an interactive login process it is not possible to automate this in the CLI.

I would consider either using a certificate or an account without MFA enabled automation purposes.

I would suggest consulting the guide below, which details the supported login options of the CLI.

https://pnp.github.io/office365-cli/user-guide/connecting-office-365/

Also, since v2 of the CLI, the spo login command was replaced with login (without the spo prefix).

Hi @garrytrinder ,
I don't think that i can use the certificate approach thou since I'm using in DevOps Pipelines. Please advice me if i'm wrong. I guess creating a new account will be best approach for this.

Hi @waldekmastykarz,

I remove the spo when i try manually on the shell and i forget to remove from the code.
However, i'm still getting error invalid username or password error thou.

Error: AADSTS50126: Invalid username or password.

The actual script that was running

o365 login $SITE --authType password --userName $EMAIL --password $PASSWORD

o365 spo app add --filePath "./_SPFx build/SPFx sppkg/dev-ops-test-project.sppkg" --appCatalogUrl $SITE --scope $SCOPE --overwrite

o365 spo app deploy --name dev-ops-test-project.sppkg --appCatalogUrl $SITE --scope $SCOPE --skipFeatureDeployment

Any suggestion?

Thank you

I have tested by updating the script to output all my variables. The password stored in the variable have $ but when it output it just displaying as number not $. I guess this is the main issue.

Hi @muges01

Is the account still using MFA like described above? If so, this type of login won't work, unless you create an app password and use that in the 'password' field instead.
(For information about app passwords, see: Docs App Passwords

To answer your other question:
It should be possible to use the certificate approach. The challenge is to get the file in the agent which can be done using: Secure Files and the Download Secure File task.
Also remember to set the following env variables when using the certificate method:

• OFFICE365CLI_AADAPPID
• OFFICE365CLI_TENANT

(see the login-documentation)

hi @stijnbrouwers,

No, i was using normal password. I found out that when the password variable contain $ then it is not working. it doesn't like the $ in the password. I guess this is a bug.
However, i have tested the MFA user account with app password and it is still not working.

I have create a new user purely for the DevOps pipeline without MFA and it is working fine now.

I really appreciate for the info everyone. I'm happy to close this issue. Do anyone know where can i log the Azure DevOps issue?

Here is a link to the Azure DevOps support page

https://azure.microsoft.com/en-us/support/devops/

Thank you @garrytrinder