Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

`SharedTokenCacheCredential` with Custom `TokenCachePersistenceOptions` Does Not Persist

See original GitHub issue

I am not getting the SharedTokenCacheCredential to work as expected. Considering the following script:

from azure.identity import (
    ChainedTokenCredential,
    InteractiveBrowserCredential,
    TokenCachePersistenceOptions,
)

TENANT_ID = "..."
cache_options = TokenCachePersistenceOptions(name="my.cache")

credential = ChainedTokenCredential(
    SharedTokenCacheCredential(
        tenant_id=TENANT_ID,
        cache_persistence_options=cache_options
    ),
    InteractiveBrowserCredential(
        tenant_id=TENANT_ID,
        cache_persistence_options=cache_options,
    )
)
credential.get_token(...)

The first time, it runs as expected. At credential.get_token(...), a browser tab opens and I am prompted to sign in. On successful sign in, it generates the token, and the script returns.

On all subsequent runs, it does not behave as expected.

  • Expected: the token should be in the persistent cache, and thus, the SharedTokenCacheCredential should be used, and I should not be prompted to sign in again.
  • Actual: it opens another browser tab and prompts me to sign in again, and prints the following to the terminal: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.

The following workaround yields the expected behavior, but uses a “private” function from the azure.identity package.

from azure.identity import (
    ChainedTokenCredential,
    InteractiveBrowserCredential,
    TokenCachePersistenceOptions,
)
+from azure.identity._persistent_cache import _load_persistent_cache

TENANT_ID = "..."
cache_options = TokenCachePersistenceOptions(name="my.cache")

credential = ChainedTokenCredential(
    SharedTokenCacheCredential(
        tenant_id=TENANT_ID,
        cache_persistence_options=cache_options,
+        _cache=_load_persistent_cache(cache_options),
    ),
    InteractiveBrowserCredential(
        tenant_id=TENANT_ID,
        cache_persistence_options=cache_options,
    )
)
credential.get_token(...)

My question is: is there another solution that uses the “public” api?

My setup:

  • OS: macOS Monterey (12.1)
  • python: 3.7.15
  • azure-identity: 1.11.0

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
pvaneckcommented, Oct 25, 2022

Hah, yea, the formatting is messed up on that doc page and will be fixed in the next release. Meanwhile, I opened #27030 which should fix the issue here.

0reactions
poocatcommented, Oct 25, 2022

Hi @poocat. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text “/unresolve” to remove the “issue-addressed” label and continue the conversation.

Yes, it has been addressed. Thank you!

In the meantime, until the bug gets fixed in a later release, it might be best to change the documentation so that it does not urge you in an enormous font to “specify a cache name to isolate the cache from other applications”.

Read more comments on GitHub >

github_iconTop Results From Across the Web

SharedTokenCacheCredential fails on macOS #28003 - GitHub
It will open a browser, and authenticate normally. T... ... TokenCachePersistenceOptions, SharedTokenCacheCredential, ... Meaning no browser pop-up.
Read more >
Class InteractiveBrowserCredentialOptions | Azure SDK for .NET
Specifies the TokenCachePersistenceOptions to be used by the credential. If not options are specified, the token cache will not be persisted.
Read more >
DefaultAzureCredential().GetTokenAsync fails when using ...
In your case, you are trying to use it for your custom web app auth with custom scope which is not officially supported...
Read more >
azure-identity - PyPI
It's a known issue that VisualStudioCodeCredential doesn't work with Azure ... Authenticate with DefaultAzureCredential; Define a custom authentication flow ...
Read more >
azure.identity.TokenCachePersistenceOptions class
If the cache is not encrypted, protecting it is the application's responsibility. ... for persistent caching cache_options = TokenCachePersistenceOptions() ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Large file timeout error in azure-storage-file-datalake

Next page

[Question] How do I retrieve the outputs of each trials of a sweep job?