search

Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License
4.56k stars 2.78k forks source link

TokenCachePersistenceOptions apparently not working with DeviceCodeCredential #37576

Open benprofessionaledition opened 1 day ago

benprofessionaledition commented 1 day ago

Describe the bug When instantiating a DeviceCodeCredential using TokenCachePersistenceOptions, nothing appears to be cached and I need to re-authenticate using the device code flow every time.

To Reproduce The following script is a minimal example using AzureML. It prompts for a Device Code and then logs in. 

import os

from azure.ai.ml import MLClient
from azure.identity import DeviceCodeCredential, TokenCachePersistenceOptions

from .constants import AML_SUBSCRIPTION_ID, AML_RESOURCE_GROUP, AML_WORKSPACE

cache_path = os.path.expanduser("~/.azure/msal_token_cache.json")

token_cache_options = TokenCachePersistenceOptions(name=cache_path, allow_unencrypted_storage=True)
credential = DeviceCodeCredential(token_cache_persistence_options=token_cache_options)

client = MLClient(
    credential=credential,
    subscription_id=AML_SUBSCRIPTION_ID,
    resource_group_name=AML_RESOURCE_GROUP,
    workspace_name=AML_WORKSPACE,
)

# do something useless that requires authentication
jobs = client.jobs.list()
_ = [j.name for j in jobs]

print("Successfully ran the script")

Expected behavior I would expect that running this script a second time, or instantiating a new DeviceCodeCredential and getting a token from it, would not request authentication again.

Screenshots n/a

Additional context I have scoured every single available resource online, including documentation and the source code and cannot figure out how to actually cache these credentials/tokens/authorization records/whatever it is that's necessary to prevent having to log in every single time. I am fine using a different credential type if the cache exists, however DefaultAzureCredentials uses a different tenant ID, and seemingly continues to do so even if I specify the tenant ID in the constructor.

github-actions[bot] commented 1 day ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

xiangyan99 commented 1 day ago

Thanks for reaching out.

Please refer https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/identity/azure-identity/TOKEN_CACHING.md for samples how to authenticate a user silently.

github-actions[bot] commented 1 day ago

Hi @benprofessionaledition. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.