OneLogin provider does not support pinentry prompter for MFA

## Problem

The OneLogin provider does not work with `--prompter=pinentry` for MFA code entry. When configured, saml2aws still prompts interactively for the verification code.

## Root Cause

In `pkg/provider/onelogin/onelogin.go` line 290, the MFA code is requested via:

```go
verifyCode := prompter.StringRequired("Enter verification code")
```

The pinentry prompter (`pkg/prompter/pinentry.go`) only intercepts `RequestSecurityCode()`. All other methods, including `StringRequired()`, delegate to the default CLI/survey prompter. This means the OneLogin provider bypasses pinentry entirely.

Every other provider that supports MFA uses `RequestSecurityCode()`:
- Okta (`okta.go:819`)
- Keycloak (`keycloak.go:286`)
- ADFS (`adfs.go:133`)
- GoogleApps (`googleapps.go:347`, `googleapps.go:446`)
- F5 APM (`f5apm.go:82`)
- Shibboleth ECP (`shibbolethecp.go:104`)

## Suggested Fix

Change line 290 in `pkg/provider/onelogin/onelogin.go` from:

```go
verifyCode := prompter.StringRequired("Enter verification code")
```

to:

```go
verifyCode := prompter.RequestSecurityCode("000000")
```

This matches the pattern used by all other providers and routes the MFA prompt through the pinentry interface when `--prompter=pinentry` is configured.

## Note

The AAD provider (`pkg/provider/aad/aad.go:463`) has the same issue.

## Environment

- saml2aws v2.36.19
- OneLogin IdP
- macOS

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OneLogin provider does not support pinentry prompter for MFA #1519

Problem

Root Cause

Suggested Fix

Note

Environment

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

OneLogin provider does not support pinentry prompter for MFA #1519

Description

Problem

Root Cause

Suggested Fix

Note

Environment

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions