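/// <summary>
/// Reads the e-mail address from the identity information that the external
/// authenticator derives from the login result.
/// </summary>
/// <param name="result">The external login result to inspect. May be null or lack an authenticator.</param>
/// <param name="errorReason">
/// Set to null when identity information was obtained; otherwise set to a message
/// explaining why no e-mail address could be returned.
/// </param>
/// <returns>
/// The e-mail address reported in the identity information, or null when the
/// identity information is unavailable or the authenticator rejects the identity
/// with an <see cref="ArgumentException"/>.
/// </returns>
private string GetEmailAddressFromExternalLoginResult(AuthenticateExternalLoginResult result, out string errorReason)
 {
     try
     {
         // The null-conditional chain yields null when the result or its authenticator is
         // missing. Without the explicit check below, reading .Email would raise a
         // NullReferenceException that the ArgumentException handler does not catch.
         var userInformation = result?.Authenticator?.GetIdentityInformation(result.ExternalIdentity);
         if (userInformation == null)
         {
             errorReason = "The external login did not provide any identity information.";
             return null;
         }

         errorReason = null;
         return userInformation.Email;
     }
     catch (ArgumentException ex)
     {
         // NOTE(review): errorReason carries the raw exception message from the authenticator.
         // If callers show it to the end user, confirm the message contains nothing sensitive
         // and is encoded on output.
         errorReason = ex.Message;
         return null;
     }
 }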
        /// <summary>
        /// Decides whether the caller must require a multi-factor authentication step
        /// for the given external login result.
        /// </summary>
        /// <param name="result">The external login result to evaluate. May be null.</param>
        /// <returns>
        /// True only when every condition listed in the body holds; false otherwise,
        /// including when the result, its authenticator or its authentication is null.
        /// </returns>
        internal bool ShouldEnforceMultiFactorAuthentication(AuthenticateExternalLoginResult result)
        {
            // Nothing to evaluate without an authenticator and an authenticated user.
            // NOTE(review): this path answers "do not enforce"; callers should not read
            // false as "login succeeded" — confirm they reject such results separately.
            if (result == null || result.Authenticator == null || result.Authentication == null)
            {
                return false;
            }

            // NOTE(review): User, LoginDetails and CredentialUsed are dereferenced below without
            // null checks — presumably always populated for an authenticated result; verify.

            // 1. The authenticator must support multi-factor authentication at all.
            if (!result.Authenticator.SupportsMultiFactorAuthentication())
            {
                return false;
            }

            // 2. The user must have opted in to multi-factor authentication on the account.
            if (!result.Authentication.User.EnableMultiFactorAuthentication)
            {
                return false;
            }

            // 3. The session must not already have been multi-factor authenticated.
            if (result.LoginDetails.WasMultiFactorAuthenticated)
            {
                return false;
            }

            // 4. Only external personal Microsoft account credentials are subject to enforcement here;
            //    AAD 2FA policy is controlled by the tenant admins.
            var credentialUsed = result.Authentication.CredentialUsed;
            return credentialUsed.IsExternal() && CredentialTypes.IsMicrosoftAccount(credentialUsed.Type);
        }