[OIDC] Better inform Entra ID users of error when missing 'Requested scope' in OIDC config


    • Type: Task
    • Resolution: Unresolved
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: OIDC DB Auth
    • Developer Tools

      When setting up OIDC with Entra ID, if 'Requested scopes' (optional field) is not filled with '<client id>/.default', users trying to authn will see 'Login successful' in the browser, but authn fails in the shell. In the database access history, there will be three entries: one successful, then two failures because the token issuer is STS and not login.microsoft.com.

      To improve this, do not show 'Login successful' in the browser. If it's not a security issue, we could also show a more informative error message than 'authn failure' in the shell.

              Assignee:
              Unassigned
              Reporter:
              Isabelle Williams
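One way a client could surface the issuer mismatch described in this ticket, as an added example that is not part of the ticket or the project's code. It inspects only the token the client already holds, so the server's generic failure response stays unchanged. The function names, the assumption that the client knows the configured issuer, and the tenant, client id and issuer URLs are all constructed for illustration.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """Unpadded base64url, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying it. Diagnostics only:
    the result must never be used to make an authentication decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def explain_issuer_mismatch(token: str, configured_issuer: str, client_id: str):
    """Return None if the token issuer matches the configured issuer,
    otherwise a message that points at the 'Requested scopes' setting."""
    iss = jwt_claims(token).get("iss", "")
    if iss.rstrip("/") == configured_issuer.rstrip("/"):
        return None
    return (
        f"Token issuer '{iss}' does not match the configured issuer "
        f"'{configured_issuer}'. With Entra ID, check that 'Requested scopes' "
        f"is set to '{client_id}/.default'."
    )


# Constructed sample values (placeholders, not taken from the ticket).
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
CONFIGURED = f"https://login.microsoftonline.com/{TENANT}/v2.0"
STS_ISSUER = f"https://sts.windows.net/{TENANT}/"


def make_token(iss: str) -> str:
    """Build an unsigned sample token carrying the given issuer."""
    header = b64url(json.dumps({"alg": "none"}).encode())
    body = b64url(json.dumps({"iss": iss, "aud": CLIENT_ID}).encode())
    return f"{header}.{body}.sig"


if __name__ == "__main__":
    print(explain_issuer_mismatch(make_token(STS_ISSUER), CONFIGURED, CLIENT_ID))
```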