[Identity] Azure Identity should expose the original MSAL error
Is your feature request related to a problem? Please describe.
When AuthenticationRequiredError is raised, the original MSAL result (error dict) is discarded:
This makes it impossible for aad_exception_handler (https://github.com/Azure/azure-cli/pull/17072) to handle the MSAL error directly.
Describe the solution you’d like
AuthenticationRequiredError should have an attribute referring to the original MSAL result.
Issue Analytics
- State:
- Created 3 years ago
- Comments: 8 (8 by maintainers)

From MSAL’s perspective, an error response is equally likely as a successful response, so the return value is a dict in both cases. But feel free to wrap it inside an exception as you see fit.

By the way, that Exception Chaining was introduced since Python 3.3. This might not be a problem for Azure CLI as an application, but historically Azure Identity and MSAL work with Python 2.7 too.

Maybe we can start with error and error_description, which are mentioned in the OAuth2 specs. I don’t see them going away in the future. The correlation_id is an AAD practice that could also be helpful during troubleshooting, if the customer does not have other ways to obtain it.

As discussed offline, I’ve opened a PR to address this by attaching Azure AD’s HTTP response to authentication exceptions whenever possible. That will provide all the information returned by MSAL after an auth failure while remaining consistent with exceptions raised by credentials that do not use MSAL.
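
What this thread asks for, sketched as an added example (not code from azure-identity, MSAL or Azure CLI): an exception that keeps the MSAL result dict and exposes error, error_description and correlation_id, so a handler can branch on the OAuth2 error code. The names MsalAuthError, token_or_raise and handle_auth_error, the "no_result" code and the sample dict are assumptions made for this illustration.

```python
# Added illustration. All names here are hypothetical, not azure-identity/MSAL APIs.

# Constructed sample of the dict MSAL returns on failure (values are made up).
SAMPLE_FAILURE = {
    "error": "invalid_grant",
    "error_description": "constructed sample description",
    "correlation_id": "00000000-0000-0000-0000-000000000000",
}


class MsalAuthError(Exception):
    """Authentication failure that keeps the original MSAL result dict."""

    def __init__(self, result):
        self.msal_result = dict(result)  # full original result, for handlers
        self.error = result.get("error")  # OAuth2 error code
        self.error_description = result.get("error_description")
        self.correlation_id = result.get("correlation_id")  # AAD troubleshooting id
        # Python 2.7-compatible: plain message, no exception chaining syntax.
        super(MsalAuthError, self).__init__(
            "%s: %s (correlation_id=%s)"
            % (self.error, self.error_description, self.correlation_id)
        )


def token_or_raise(result):
    """Return the access token from an MSAL result dict, or raise MsalAuthError."""
    if result and "access_token" in result:
        return result["access_token"]
    # "no_result" is a placeholder code chosen for this example only.
    raise MsalAuthError(result or {"error": "no_result"})


def handle_auth_error(exc):
    """Application-level handler that branches on the OAuth2 error code."""
    if exc.error in ("invalid_grant", "interaction_required"):
        return "reauthenticate"
    if exc.error == "invalid_client":
        return "check_client_credentials"
    # Unknown failure: surface the correlation id for a support request.
    return "report:%s" % exc.correlation_id
```
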